CVE-2024-6260

CVSS 3.0 Score 7.0 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 59

Summary

CVE-2024-6260 is a privilege escalation vulnerability affecting Malwarebytes Antimalware. Local attackers can exploit this flaw by manipulating symbolic links in the Malwarebytes service, enabling them to delete a critical file. With successful exploitation, an attacker can escalate privileges and run arbitrary code with SYSTEM level access. The prerequisite for an attack is the ability to execute low-privileged code on the target system. This vulnerability, identified as ZDI-CAN-22321, underscores the importance of maintaining secure software configurations.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share