mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light. Rated low severity (CVSS 1.9). No vendor patch available.