Link following in Malwarebytes Endpoint Security and Malwarebytes For Home - CVE-2020-28641
Published: December 22, 2020
Vulnerability identifier: #VU49117
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-28641
CWE-ID: CWE-59
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Malwarebytes Endpoint Security
Malwarebytes For Home
Malwarebytes Endpoint Security
Malwarebytes For Home
Software vendor:
Malwarebytes
Malwarebytes
Description
The vulnerability allows a local user to delete arbitrary files on the system.
The vulnerability exists within the file quarantine mechanism due to software fails to verify if the target file is a symbolic link before deleting it. A local user can create a symbolic link to arbitrary file on the system and delete the file with elevated privileges.
Remediation
Install updates from vendor's website.
External links
- https://fortiguard.com/zeroday/FG-VD-20-119
- https://support.malwarebytes.com/hc/en-us/articles/360058885974-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-for-Windows
- https://support.malwarebytes.com/hc/en-us/articles/1500000403501-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-Endpoint-Protection