Filtered by vendor Iobit
Subscribe
Total
63 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-1195 | 1 Iobit | 1 Itop Vpn | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-0430 | 1 Iobit | 1 Malware Fighter | 2024-11-21 | N/A | 5.5 MEDIUM |
IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver. | |||||
CVE-2023-1646 | 1 Iobit | 1 Malware Fighter | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been declared as critical. This vulnerability affects the function 0x8018E000/0x8018E004 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224026 is the identifier assigned to this vulnerability. | |||||
CVE-2023-1645 | 1 Iobit | 1 Malware Fighter | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been classified as problematic. This affects the function 0x8018E008 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224025 was assigned to this vulnerability. | |||||
CVE-2023-1644 | 1 Iobit | 1 Malware Fighter | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
A vulnerability was found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this issue is the function 0x8018E010 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224024. | |||||
CVE-2023-1643 | 1 Iobit | 1 Malware Fighter | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
A vulnerability has been found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this vulnerability is the function 0x8001E000/0x8001E004/0x8001E018/0x8001E01C/0x8001E024/0x8001E040 in the library ImfHpRegFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224023. | |||||
CVE-2023-1642 | 1 Iobit | 1 Malware Fighter | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
A vulnerability, which was classified as problematic, was found in IObit Malware Fighter 9.4.0.776. Affected is the function 0x222034/0x222038/0x22203C/0x222040 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-224022 is the identifier assigned to this vulnerability. | |||||
CVE-2023-1641 | 1 Iobit | 1 Malware Fighter | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
A vulnerability, which was classified as problematic, has been found in IObit Malware Fighter 9.4.0.776. This issue affects the function 0x222018 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224021 was assigned to this vulnerability. | |||||
CVE-2023-1640 | 1 Iobit | 1 Malware Fighter | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
A vulnerability classified as problematic was found in IObit Malware Fighter 9.4.0.776. This vulnerability affects the function 0x222010 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224020. | |||||
CVE-2023-1639 | 1 Iobit | 1 Malware Fighter | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
A vulnerability classified as problematic has been found in IObit Malware Fighter 9.4.0.776. This affects the function 0x8001E04C in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224019. | |||||
CVE-2023-1638 | 1 Iobit | 1 Malware Fighter | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been rated as problematic. Affected by this issue is the function 0x8001E024/0x8001E040 in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-224018 is the identifier assigned to this vulnerability. | |||||
CVE-2022-37771 | 2 Iobit, Microsoft | 2 Malware Fighter, Windows | 2024-11-21 | N/A | 6.7 MEDIUM |
IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. | |||||
CVE-2022-37197 | 1 Iobit | 1 Iotransfer | 2024-11-21 | N/A | 7.8 HIGH |
IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. | |||||
CVE-2022-24562 | 1 Iobit | 1 Iotransfer | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution. | |||||
CVE-2022-24141 | 1 Iobit | 1 Itop Vpn | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient(). | |||||
CVE-2022-24140 | 1 Iobit | 5 Advanced System Care, Driver Booster, Itop Screen Recorder and 2 more | 2024-11-21 | 6.0 MEDIUM | 6.6 MEDIUM |
IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the update from the file and will try to install the update automatically with ADMIN privileges. An attacker Intercepting this communication can supply the product a fake config file with malicious locations for the updates thus gaining a remote code execution on an endpoint. | |||||
CVE-2022-24139 | 1 Iobit | 1 Advanced System Care | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used. | |||||
CVE-2022-24138 | 1 Iobit | 1 Advanced Systemcare | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN). | |||||
CVE-2021-44968 | 1 Iobit | 1 Advanced Systemcare | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service (system crash). IOCTL list: iobit_ioctl = [0x8001e01c, 0x8001e020, 0x8001e024, 0x8001e040,0x8001e044, 0x8001e048, 0x8001e04c, 0x8001e000, 0x8001e004, 0x8001e008, 0x8001e00c, 0x8001e010, 0x8001e014, 0x8001e018] | |||||
CVE-2021-21792 | 1 Iobit | 1 Advanced Systemcare Ultimate | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver which can result in sensitive information disclosure from the kernel. The IN instruction can read four bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users. |