Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem privileges during service startup or system reboot.
Metrics
Affected Vendors & Products
References
History
Wed, 15 Jul 2026 02:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:malwarebytes:malwarebytes:4.5.0:*:*:*:*:windows:*:* |
Mon, 22 Jun 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 19 Jun 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Malwarebytes
Malwarebytes malwarebytes |
|
| Vendors & Products |
Malwarebytes
Malwarebytes malwarebytes |
Fri, 19 Jun 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem privileges during service startup or system reboot. | |
| Title | Malwarebytes 4.5 Unquoted Service Path Privilege Escalation | |
| Weaknesses | CWE-428 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published: 2026-06-19T14:16:53.479Z
Updated: 2026-07-15T01:24:47.114Z
Reserved: 2026-01-11T13:34:26.334Z
Link: CVE-2022-50971
Updated: 2026-06-22T14:34:05.440Z
No data.
No data.