CVE-2024-7324
IObit iTop Data Recovery Pro BPL madbasic_.bpl uncontrolled search path
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability was found in IObit iTop Data Recovery Pro 4.4.0.687. It has been declared as critical. Affected by this vulnerability is an unknown functionality in the library madbasic_.bpl of the component BPL Handler. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The associated identifier of this vulnerability is VDB-273247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
In IObit iTop Data Recovery Pro 4.4.0.687 wurde eine kritische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung in der Bibliothek madbasic_.bpl der Komponente BPL Handler. Durch das Manipulieren mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-07-31 CVE Reserved
- 2024-07-31 CVE Published
- 2024-08-01 CVE Updated
- 2024-08-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://vuldb.com/?id.273247 | Vdb Entry | |
| https://vuldb.com/?submit.378138 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| IObit Search vendor "IObit" | ITop Data Recovery Pro Search vendor "IObit" for product "ITop Data Recovery Pro" | 4.4.0.687 Search vendor "IObit" for product "ITop Data Recovery Pro" and version "4.4.0.687" | en |
Affected
| ||||||