CVE-2014-100039: Input Validation
First published: Tue Jan 13 2015(Updated: )
mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Malwarebytes Anti-Exploit | <=1.04.1.1012 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2014-100039?
CVE-2014-100039 is classified as a denial of service vulnerability, which can lead to crashes in Malwarebytes Anti-Exploit.
How do I fix CVE-2014-100039?
To fix CVE-2014-100039, update Malwarebytes Anti-Exploit to version 1.05.1.2014 or later.
What software is affected by CVE-2014-100039?
CVE-2014-100039 affects Malwarebytes Anti-Exploit versions up to and including 1.04.1.1012.
What type of attack does CVE-2014-100039 involve?
CVE-2014-100039 involves a local attack that exploits a crafted size in an IOCTL call, leading to an out-of-bounds read.
Can CVE-2014-100039 be exploited remotely?
CVE-2014-100039 cannot be exploited remotely as it requires local user access.
- agent/references
- agent/type
- agent/softwarecombine
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/malwarebytes
- canonical/malwarebytes anti-exploit
- version/malwarebytes anti-exploit/1.04.1.1012