Vulnerabilities (CVE)

Filtered by vendor Iobit Subscribe
Total 63 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-1195 1 Iobit 1 Itop Vpn 2024-11-21 4.6 MEDIUM 5.5 MEDIUM
A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0430 1 Iobit 1 Malware Fighter 2024-11-21 N/A 5.5 MEDIUM
IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver.
CVE-2023-1646 1 Iobit 1 Malware Fighter 2024-11-21 4.3 MEDIUM 5.3 MEDIUM
A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been declared as critical. This vulnerability affects the function 0x8018E000/0x8018E004 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224026 is the identifier assigned to this vulnerability.
CVE-2023-1645 1 Iobit 1 Malware Fighter 2024-11-21 4.6 MEDIUM 5.5 MEDIUM
A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been classified as problematic. This affects the function 0x8018E008 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224025 was assigned to this vulnerability.
CVE-2023-1644 1 Iobit 1 Malware Fighter 2024-11-21 4.6 MEDIUM 5.5 MEDIUM
A vulnerability was found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this issue is the function 0x8018E010 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224024.
CVE-2023-1643 1 Iobit 1 Malware Fighter 2024-11-21 4.6 MEDIUM 5.5 MEDIUM
A vulnerability has been found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this vulnerability is the function 0x8001E000/0x8001E004/0x8001E018/0x8001E01C/0x8001E024/0x8001E040 in the library ImfHpRegFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224023.
CVE-2023-1642 1 Iobit 1 Malware Fighter 2024-11-21 4.6 MEDIUM 5.5 MEDIUM
A vulnerability, which was classified as problematic, was found in IObit Malware Fighter 9.4.0.776. Affected is the function 0x222034/0x222038/0x22203C/0x222040 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-224022 is the identifier assigned to this vulnerability.
CVE-2023-1641 1 Iobit 1 Malware Fighter 2024-11-21 4.6 MEDIUM 5.5 MEDIUM
A vulnerability, which was classified as problematic, has been found in IObit Malware Fighter 9.4.0.776. This issue affects the function 0x222018 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224021 was assigned to this vulnerability.
CVE-2023-1640 1 Iobit 1 Malware Fighter 2024-11-21 4.6 MEDIUM 5.5 MEDIUM
A vulnerability classified as problematic was found in IObit Malware Fighter 9.4.0.776. This vulnerability affects the function 0x222010 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224020.
CVE-2023-1639 1 Iobit 1 Malware Fighter 2024-11-21 4.6 MEDIUM 5.5 MEDIUM
A vulnerability classified as problematic has been found in IObit Malware Fighter 9.4.0.776. This affects the function 0x8001E04C in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224019.
CVE-2023-1638 1 Iobit 1 Malware Fighter 2024-11-21 4.6 MEDIUM 5.5 MEDIUM
A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been rated as problematic. Affected by this issue is the function 0x8001E024/0x8001E040 in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-224018 is the identifier assigned to this vulnerability.
CVE-2022-37771 2 Iobit, Microsoft 2 Malware Fighter, Windows 2024-11-21 N/A 6.7 MEDIUM
IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable.
CVE-2022-37197 1 Iobit 1 Iotransfer 2024-11-21 N/A 7.8 HIGH
IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.
CVE-2022-24562 1 Iobit 1 Iotransfer 2024-11-21 10.0 HIGH 9.8 CRITICAL
In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution.
CVE-2022-24141 1 Iobit 1 Itop Vpn 2024-11-21 5.5 MEDIUM 5.4 MEDIUM
The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient().
CVE-2022-24140 1 Iobit 5 Advanced System Care, Driver Booster, Itop Screen Recorder and 2 more 2024-11-21 6.0 MEDIUM 6.6 MEDIUM
IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the update from the file and will try to install the update automatically with ADMIN privileges. An attacker Intercepting this communication can supply the product a fake config file with malicious locations for the updates thus gaining a remote code execution on an endpoint.
CVE-2022-24139 1 Iobit 1 Advanced System Care 2024-11-21 7.2 HIGH 7.8 HIGH
In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used.
CVE-2022-24138 1 Iobit 1 Advanced Systemcare 2024-11-21 7.2 HIGH 7.8 HIGH
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN).
CVE-2021-44968 1 Iobit 1 Advanced Systemcare 2024-11-21 7.2 HIGH 7.8 HIGH
A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service (system crash). IOCTL list: iobit_ioctl = [0x8001e01c, 0x8001e020, 0x8001e024, 0x8001e040,0x8001e044, 0x8001e048, 0x8001e04c, 0x8001e000, 0x8001e004, 0x8001e008, 0x8001e00c, 0x8001e010, 0x8001e014, 0x8001e018]
CVE-2021-21792 1 Iobit 1 Advanced Systemcare Ultimate 2024-11-21 2.1 LOW 5.5 MEDIUM
An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver which can result in sensitive information disclosure from the kernel. The IN instruction can read four bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users.