CVE-2014-100039

low

Published 2015-01-13 · Modified 2026-05-06

CVSS v3

—

CVSS v2

2.1

VIR risk

2.1

Description

mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions	Fixed
malwarebytes	malwarebytes_anti-exploit	`{"endIncluding":"1.04.1.1012"}`

References

http://www.osvdb.org/114249
https://www.malwarebytes.org/support/releasehistory/
http://www.osvdb.org/114249
https://www.malwarebytes.org/support/releasehistory/

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.