{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50971","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2026-01-11T13:34:26.334Z","datePublished":"2026-06-19T14:16:53.479Z","dateUpdated":"2026-06-22T14:34:09.908Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-06-19T14:16:53.479Z"},"datePublic":"2022-05-03T00:00:00.000Z","title":"Malwarebytes 4.5 Unquoted Service Path Privilege Escalation","descriptions":[{"lang":"en","value":"Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem privileges during service startup or system reboot."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Unquoted Search Path or Element","cweId":"CWE-428","type":"CWE"}]}],"affected":[{"vendor":"Malwarebytes","product":"Malwarebytes","versions":[{"version":"4.5.0","status":"affected"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":8.5,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"references":[{"url":"https://www.exploit-db.com/exploits/50806","name":"ExploitDB-50806","tags":["exploit"]},{"url":"https://www.malwarebytes.com/","name":"Official Product Homepage","tags":["product"]},{"url":"https://www.malwarebytes.com/mwb-download/","name":"Product Reference","tags":["product"]},{"name":"VulnCheck Advisory: Malwarebytes 4.5 Unquoted Service Path Privilege Escalation","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/malwarebytes-unquoted-service-path-privilege-escalation"}],"credits":[{"lang":"en","value":"Hejap Zairy","type":"finder"}],"x_generator":{"engine":"vulncheck"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-06-22T14:33:58.960955Z","id":"CVE-2022-50971","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-22T14:34:09.908Z"}}]}}