PT-2018-1951 · Iobit · Iobit Advanced Systemcare

Publicado

2018-09-25

Atualizado

2018-12-27

CVE-2018-16712

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions IObit Advanced SystemCare versions 1.2.0.5 and earlier

Description The issue is related to insufficient data protection in the utility. It allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory, potentially disclosing protected information.

Recommendations For IObit Advanced SystemCare versions 1.2.0.5 and earlier, consider restricting access to the Monitor win10 x64.sys and Monitor win7 x64.sys files to minimize the risk of exploitation. As a temporary workaround, avoid using the IOCTL 0x9C406104 until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

BDU:2018-01558

CVE-2018-16712

Produtos afetados

Iobit Advanced Systemcare

PT-2018-1951 · Iobit · Iobit Advanced Systemcare

CVE-2018-16712

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7