PT-2020-6825 · Malwarebytes · Malwarebytes Free

Published: 2020-09-03 · Updated: 2020-12-23 · CVE-2020-28641

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Malwarebytes Free version 4.1.0.56

Description

The issue is improper link resolution before file access (link following): by creating a symbolic link, an attacker can cause an arbitrary file on the system to be deleted. This can be achieved by exploiting the local quarantine system.

Recommendations

For Malwarebytes Free version 4.1.0.56, consider disabling the local quarantine system as a temporary workaround until a patch is available. Restrict access to the quarantine system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Link Following

Weakness Enumeration

Related Identifiers

BDU:2022-07493
CVE-2020-28641

Affected Products

Malwarebytes Free