CVE-2024-7325

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-7325
A vulnerability was found in IObit Driver Booster 11.0.0.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library VCL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The identifier of this vulnerability is VDB-273248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 3.1 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://vuldb.com/?ctiid.273248 Permissions Required
https://vuldb.com/?id.273248 Third Party Advisory
https://vuldb.com/?submit.378139 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:iobit:driver_booster:11.0.0.0:*:*:*:*:*:*:*
History

11 Sep 2024, 15:42

Type Values Removed Values Added
References () https://vuldb.com/?ctiid.273248 - () https://vuldb.com/?ctiid.273248 - Permissions Required
References () https://vuldb.com/?id.273248 - () https://vuldb.com/?id.273248 - Third Party Advisory
References () https://vuldb.com/?submit.378139 - () https://vuldb.com/?submit.378139 - Third Party Advisory
First Time Iobit
Iobit driver Booster
CPE cpe:2.3:a:iobit:driver_booster:11.0.0.0:*:*:*:*:*:*:*

01 Aug 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en IObit Driver Booster 11.0.0.0. Ha sido calificada como crítica. Una función desconocida en la librería VCL120.BPL del componente BPL Handler es afectada por esta vulnerabilidad. La manipulación conduce a una ruta de búsqueda incontrolada. Atacar localmente es un requisito. El identificador de esta vulnerabilidad es VDB-273248. NOTA: Se contactó al proveedor tempranamente sobre esta divulgación, pero no respondió de ninguna manera.

31 Jul 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-31 20:15

Updated : 2024-09-11 15:42

NVD link : CVE-2024-7325

Mitre link : CVE-2024-7325

CVE.ORG link : CVE-2024-7325

JSON object : View

Products Affected

iobit

  • driver_booster
CWE
CWE-427

Uncontrolled Search Path Element


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024