CVE-2022-50971
Received Received - Intake
Malwarebytes 4.5 Unquoted Service Path Privilege Escalation

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: VulnCheck

Description
Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem privileges during service startup or system reboot.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-19
Last Modified
2026-06-19
Generated
2026-06-19
AI Q&A
2026-06-19
EPSS Evaluated
N/A
NVD
CVE-2022-50971
EUVD
EUVD-2022-56007
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
malwarebytes malwarebytes 4.5
malwarebytes malwarebytes to 4.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided context and resources do not contain any information regarding the impact of CVE-2022-50971 on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2022-50971 is an unquoted service path vulnerability found in Malwarebytes version 4.5 and earlier, specifically in the MBAMService executable.

This vulnerability allows local attackers to escalate their privileges by injecting malicious code into directories along the system root path that are not properly quoted.

Because the service path is unquoted, the system may execute malicious executables placed by attackers with LocalSystem privileges during service startup or system reboot.

Impact Analysis

This vulnerability can allow a local attacker to gain elevated privileges on the affected system.

By injecting malicious code that runs with LocalSystem privileges, an attacker can perform unauthorized actions, potentially compromising the entire system.

Such privilege escalation can lead to full system compromise, data theft, or disruption of services.

Detection Guidance

This vulnerability involves an unquoted service path in the MBAMService executable of Malwarebytes 4.5 and earlier. To detect it on your system, you can check for unquoted service paths related to MBAMService.

A common method to detect unquoted service paths is to use the Windows command line to query service configurations and look for paths without quotes.

  • Run the command: sc qc MBAMService
  • Check the BINARY_PATH_NAME output for unquoted spaces in the path.
  • Alternatively, use PowerShell to list all services with unquoted paths: Get-WmiObject win32_service | where {$_.PathName -like '* *' -and $_.PathName -notlike '"*"'} | select Name, PathName

If the MBAMService path is unquoted and contains spaces, the system is vulnerable to this privilege escalation issue.

Mitigation Strategies

To mitigate this unquoted service path vulnerability in Malwarebytes MBAMService, immediate steps include:

  • Update Malwarebytes to a version later than 4.5 where this vulnerability is fixed.
  • If an update is not immediately available, manually correct the service path by quoting the executable path in the service configuration.
  • Restrict local user permissions to prevent unauthorized users from placing executables in directories along the unquoted path.
  • Monitor the system for suspicious executable files in directories referenced by the unquoted service path.

These steps help prevent local attackers from exploiting the vulnerability to escalate privileges.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50971. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart