CVE-2014-100039

Malwarebytes Anti-exploit < 1.04.1.1012 - Improper Input Validation

Title source: rule

Description

mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC

by Parvez Anwar · cdoswindows

https://www.exploit-db.com/exploits/35842

View Code ZIP pw:eip

References (2)

[Various Sources] https://www.malwarebytes.org/support/releasehistory/

[Third Party Advisory, VDB Entry] http://www.osvdb.org/114249

Scores

EPSS 0.0047

EPSS Percentile 64.8%

Details

CWE

CWE-20

Status published

Products (1)

malwarebytes/malwarebytes_anti-exploit < 1.04.1.1012

Published Jan 13, 2015

Tracked Since Feb 18, 2026