CVE-2018-16713
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content. The driver's subroutine will execute a rdmsr instruction with the user's buffer for input, and provide output from the instruction.
IObit Advanced SystemCare, que incluye Monitor_win10_x64.sys o Monitor_win7_x64.sys, en su versión 1.2.0.5 (y posiblemente también en versiones anteriores) permite que un usuario envíe una llamada IOCTL (0x9C402084) con un búfer que contiene contenidos definidos por el usuario. La subrutina del controlador ejecutará una instrucción rdmsr con el búfer del usuario como entrada y proporcionará una salida a partir de la instrucción.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-09-07 CVE Reserved
- 2018-09-25 First Exploit
- 2018-09-26 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://downwithup.github.io/CVEPosts.html | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/DownWithUp/CVE-2018-16713 | 2018-09-25 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Iobit Search vendor "Iobit" | Advanced Systemcare Search vendor "Iobit" for product "Advanced Systemcare" | <= 1.2.0.5 Search vendor "Iobit" for product "Advanced Systemcare" and version " <= 1.2.0.5" | - |
Affected
| ||||||