CVE-2014-4936

Name: CVE-2014-4936
Creator: NVD / NIST
Published: 2014-12-16T18:59:02.827+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 16.78%

Last modified Jun 17, 2026

CVE-2014-4936 is a vulnerability of currently unknown severity. The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.. EPSS estimates a 16.78% chance of exploitation in the next 30 days.

Description

The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable.

Metrics

EPSS Probability

16.78%

96.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-345

Affected Software

Vendor	Product	Versions
Malwarebytes	Malwarebytes Anti-Exploit	<= 1.04.1.1012
Malwarebytes	Malwarebytes Anti-Malware	<= 2.02

References

Timeline

Published: Dec 16, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-4936?

How severe is CVE-2014-4936?

Severity scoring for CVE-2014-4936 is pending analysis. The EPSS model estimates a 16.78% probability of exploitation in the next 30 days.

How do I fix CVE-2014-4936?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-4936?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST