#####################################################################################
Application: Malwarebytes Antivirus
Platforms: Windows
Versions: 2.2.0.
CVE: No CVE have been assigned
Author: Francis Provencher of COSIG
Twitter: @COSIG_
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#####################################################################################
===============
1) Introduction
===============
Malwarebytes Anti-Malware (MBAM) is an application for computers running under the Microsoft Windows and Apple OS Xoperating system that finds and removes malware.[3] Made by Malwarebytes Corporation, it was first released in January 2008. It is available in a free version, which scans for and removes malware when started manually, and a paid version, which additionally provides scheduled scans, real-time protection and a flash memory scanner.
(http://www.oracle.com/us/technologies/embedded/025613.htm)
#####################################################################################
============================
2) Report Timeline
============================
2015-11-28: Francis Provencher of COSIG found the issue;
2015-11-30: Francis Provencher of COSIG report vulnerability to Malwarebytes;
2015-12-02: Malwarebytes release a patch for this issue;
#####################################################################################
============================
3) Technical details
============================
When a malformed executable with an invalid integer (-1) in the “SizeOfRawData” in UPX section is parsed by Malwarebytes, a memory corruption occured. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
#####################################################################################
===========
4) POC
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38858.exe
