CVE-2014-100039

Malwarebytes Anti-Exploit < 1.04.1.1012 - Denial of Service via IOCTL Call

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-100039. PoCs published by Parvez Anwar.

AI-analyzed exploit summary This exploit demonstrates an out-of-bounds read vulnerability in MalwareBytes Anti-Exploit (mbae.sys) by sending a crafted buffer to the ESProtectionDriver device, leading to a Denial of Service (DoS). The PoC allocates a buffer, fills it with specific bytes, and uses DeviceIoControl to trigger the vulnerability.

Description

mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC
by Parvez Anwar · cdoswindows
https://www.exploit-db.com/exploits/35842

This exploit demonstrates an out-of-bounds read vulnerability in MalwareBytes Anti-Exploit (mbae.sys) by sending a crafted buffer to the ESProtectionDriver device, leading to a Denial of Service (DoS). The PoC allocates a buffer, fills it with specific bytes, and uses DeviceIoControl to trigger the vulnerability.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: MalwareBytes Anti-Exploit 1.03.1.1220, 1.04.1.1012
No auth needed
Prerequisites: Access to the target system · Ability to execute code on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/114249
Various Sources x_refsource_confirm
https://www.malwarebytes.org/support/releasehistory/

Scores

EPSS 0.0047
EPSS Percentile 65.3%

Details

CWE
CWE-20
Status published
Products (1)
malwarebytes/malwarebytes_anti-exploit < 1.04.1.1012
Published Jan 13, 2015
Tracked Since Feb 18, 2026