CVE-2024-12657 – IObit Advanced SystemCare Ultimate IOCTL AscRegistryFilter.sys 0x8001E000 null pointer dereference
https://notcve.org/view.php?id=CVE-2024-12657
A vulnerability has been found in IObit Advanced SystemCare Ultimate up to 17.0.0 and classified as problematic. This vulnerability affects the function 0x8001E000 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to a null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the public and may be used.
• https://shareforall.notion.site/IOBit-Advanced-SystemCare-Utimate-AscRegistryFilter-0x8001E000-NPD-DOS-15160437bb1e8068a470ca1611fd7317
• https://vuldb.com/?ctiid.288526
• https://vuldb.com/?id.288526
• https://vuldb.com/?submit.456035
• CWE-404: Improper Resource Shutdown or Release
• CWE-476: NULL Pointer Dereference
CVE-2022-24138
https://notcve.org/view.php?id=CVE-2022-24138
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of the IOBit suite into the ProgramData folder, which has "rwx" permissions for unprivileged users. Low-privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable, thus gaining code execution as a high-privilege user (Low Privilege -> high integrity ADMIN).
• http://advanced.com
• http://iobit.com
• https://github.com/tomerpeled92/CVE
• CWE-552: Files or Directories Accessible to External Parties
CVE-2021-44968
https://notcve.org/view.php?id=CVE-2021-44968
A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service (system crash). IOCTL list: iobit_ioctl = [0x8001e01c, 0x8001e020, 0x8001e024, 0x8001e040, 0x8001e044, 0x8001e048, 0x8001e04c, 0x8001e000, 0x8001e004, 0x8001e008, 0x8001e00c, 0x8001e010, 0x8001e014, 0x8001e018]
• https://github.com/Quadron-Research-Lab/Kernel_Driver_bugs/tree/main/iobit_advenced_system_care
• CWE-416: Use After Free
CVE-2021-21785
https://notcve.org/view.php?id=CVE-2021-21785
An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to a disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1252
• CWE-782: Exposed IOCTL with Insufficient Access Control
CVE-2021-21792
https://notcve.org/view.php?id=CVE-2021-21792
An information disclosure vulnerability exists in the way the IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver, which can result in sensitive information disclosure from the kernel. The IN instruction can read four bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users.
• https://talosintelligence.com/vulnerability_reports/TALOS-2021-1255
• CWE-782: Exposed IOCTL with Insufficient Access Control