CVE-2021-44968
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service (system crash). IOCTL list: iobit_ioctl = [0x8001e01c, 0x8001e020, 0x8001e024, 0x8001e040,0x8001e044, 0x8001e048, 0x8001e04c, 0x8001e000, 0x8001e004, 0x8001e008, 0x8001e00c, 0x8001e010, 0x8001e014, 0x8001e018]
Se presenta una vulnerabilidad de Uso de Memoria Previamente Liberada en IOBit Advanced SystemCare 15 pro, por medio de peticiones enviadas en orden secuencial usando los códigos del controlador IOCTL, lo que podría permitir a un usuario malicioso ejecutar código arbitrario o una denegación de servicio (bloqueo del sistema). Lista IOCTL: iobit_ioctl = [0x8001e01c, 0x8001e020, 0x8001e024, 0x8001e040,0x8001e044, 0x8001e048, 0x8001e04c, 0x8001e000, 0x8001e004, 0x8001e008, 0x8001e00c, 0x8001e010, 0x8001e014, 0x8001e018]
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-12-13 CVE Reserved
- 2022-02-18 CVE Published
- 2023-09-11 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/Quadron-Research-Lab/Kernel_Driver_bugs/tree/main/iobit_advenced_system_care | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Iobit Search vendor "Iobit" | Advanced Systemcare Search vendor "Iobit" for product "Advanced Systemcare" | 15 Search vendor "Iobit" for product "Advanced Systemcare" and version "15" | pro |
Affected
| ||||||