Malwarebytes fixes memory corruption issue

Dec 8, 2015 22:08 GMT  ·  By

A security vulnerability was discovered and patched in the Malwarebytes antivirus for Windows, as COSIG (Centre Opérationnel de Sécurité Informatique Gouvernemental) is reporting.

The discovery was made by Francis Provencher, a member of the COSIG research & pentesting team based in Quebec, Canada.

According to Mr. Provencher, the vulnerability is triggered "when a malformed executable with an invalid integer (-1) in the 'SizeOfRawData' in UPX section is parsed by [the] Malwarebytes [antivirus]."

This leads to a memory corruption on the user's computer, which, in turn, exposes the system to situations where arbitrary code can be executed by an attacker leveraging this issue.

A memory corruption occurs when the content of a memory location is unintentionally modified by programming errors, or in this case, by malicious code.

Mr. Provencher and COSIG reported the issue to Malwarebytes Corporation, the company behind Malwarebytes Anti-Malware (MBAM), the antivirus solution where the vulnerability was discovered.

Malwarebytes, a company that entered the antivirus market in 2008 and has gained quite a reputation in the meantime, responded to the finding and issued a security patch for its product in less than two days.

Proof-of-concept code is available on GitHub and via the Protek Research Lab website.

"A vulnerability in Malwarebytes Anti-Malware 2.2.0 was reported to us by an independent researcher," a Malwarebytes spokesperson told Softpedia. "A fix was released two days after it was reported to us and we have seen no evidence it has ever been used in the wild. We work closely with external researchers, and are grateful for the opportunity to improve our products."  

Malwarebytes Anti-Malware
Malwarebytes Anti-Malware

Malwarebytes Anti-Malware Screenshots (10 Images)

Malwarebytes Anti-Malware
Malwarebytes Anti-MalwareMalwarebytes Anti-Malware
+7more