CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21785
https://notcve.org/view.php?id=CVE-2021-21785
05 Aug 2021 — An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to a disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. Se presenta una vulnerabilidad de divulgación de información en el manejo de IOCTL 0x9c40a148 de IOBit Advanced SystemCare Ultimate versión 14.2.0.220. Un paquete de petición de I/O (IRP) especialmente diseñado puede c... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1252 • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21792
https://notcve.org/view.php?id=CVE-2021-21792
05 Aug 2021 — An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver which can result in sensitive information disclosure from the kernel. The IN instruction can read four bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users. Se presenta una vulnerabilidad de divulgación de informac... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1255 • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21791
https://notcve.org/view.php?id=CVE-2021-21791
05 Aug 2021 — An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver which can result in sensitive information disclosure from the kernel. The IN instruction can read two bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users. Se presenta una vulnerabilidad de divulgación de informaci... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1255 • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21790
https://notcve.org/view.php?id=CVE-2021-21790
05 Aug 2021 — An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver which can result in sensitive information disclosure from the kernel. The IN instruction can read two bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users. Se presenta una vulnerabilidad de divulgación de informaci... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1255 • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21786
https://notcve.org/view.php?id=CVE-2021-21786
07 Jul 2021 — A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. Se presenta una vulnerabilidad de escalada de privilegios en el manejo de IOCTL 0x9c406144 de IOBit Advanced SystemCare Ultimate versión 14.2.0.220. Un paquete de petición de I/O (IRP) especialmente diseñado puede conllevar a un aumento d... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1253 • CWE-269: Improper Privilege Management CWE-782: Exposed IOCTL with Insufficient Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21789
https://notcve.org/view.php?id=CVE-2021-21789
07 Jul 2021 — A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0e0, the first dword passed in the input buffer is the device port to write to and the dword at offset 4 is the value to write via the OUT instruction. A local attacker can send a malicious IRP to trigger this vulnerability. Se presenta una vulnerabilidad de escalada de privilegios en la forma en que el controlador IOBit Advanced SystemCare Ul... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254 • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21788
https://notcve.org/view.php?id=CVE-2021-21788
07 Jul 2021 — A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0dc, the first dword passed in the input buffer is the device port to write to and the word at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users. A local attacker can send a malicious IRP to trigger this ... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254 • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21787
https://notcve.org/view.php?id=CVE-2021-21787
07 Jul 2021 — A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0d8, the first dword passed in the input buffer is the device port to write to and the byte at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users. Se presenta una vulnerabilidad de escalada de privilegios ... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254 • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-9043
https://notcve.org/view.php?id=CVE-2018-9043
27 Mar 2018 — In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0. En Advanced SystemCare Ultimate 11.0.1.58, el archivo del controlador (Monitor_win10_x64.sys) permite que usuarios locales provoquen una denegación de servicio (BSOD) o que, posiblemente, causen otro impacto sin especificar debido a que no se validan los valores de entr... • https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c4060d0 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-9042
https://notcve.org/view.php?id=CVE-2018-9042
27 Mar 2018 — In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000. En Advanced SystemCare Ultimate 11.0.1.58, el archivo del controlador (Monitor_win10_x64.sys) permite que usuarios locales provoquen una denegación de servicio (BSOD) o que, posiblemente, causen otro impacto sin especificar debido a que no se validan los valores de entr... • https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c402000 • CWE-20: Improper Input Validation •