CVE-2016-10717
First published: Wed Mar 21 2018(Updated: )
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Malwarebytes Anti-Malware | =2.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-10717?
CVE-2016-10717 is classified as a moderate severity vulnerability due to its impact on the whitelisting feature in Malwarebytes Anti-Malware.
How do I fix CVE-2016-10717?
To fix CVE-2016-10717, update Malwarebytes Anti-Malware to version 3.0.4 or later.
What products are affected by CVE-2016-10717?
CVE-2016-10717 affects Malwarebytes Anti-Malware consumer version 2.2.1 and earlier.
What type of attack may exploit CVE-2016-10717?
An attacker may exploit CVE-2016-10717 to gain control over the exclusions.dat file and execute unauthorized applications.
When was CVE-2016-10717 disclosed?
CVE-2016-10717 was disclosed in 2016.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/malwarebytes
- canonical/malwarebytes anti-malware
- version/malwarebytes anti-malware/2.2.1