Full title: Malwarebytes Anti-Malware / Anti-Exploit Update Remote Code Execution Exploit 
Category: remote exploits
Platform: windows
This Metasploit module exploits a vulnerability in the update functionality of Malwarebytes Anti-Malware consumer before 2.0.3 and Malwarebytes Anti-Exploit consumer 1.03.1.1220. Due to the lack of proper update package validation a man-in-the-middle attacker could execute arbitrary code by spoofing the update server data-cdn.mbamupdates.com and uploading an executable. This Metasploit module has been tested successfully with MBAM 2.0.2.1012 and MBAE 1.03.1.1220.

# 0day.today @ http://0day.today/