Topgun

**Name of the Vulnerable Software and Affected Versions** IObit Protected Folder versions up to 13.6.0.5 **Description** A vulnerability was found in the function `0x8001E000/0x8001E00C/0x8001E004/0x8001E010` in the library `IURegistryFilter.sys` of the component IOCTL Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For IObit Protected Folder versions up to 13.6.0.5, as a temporary workaround, consider disabling the affected function `0x8001E000/0x8001E00C/0x8001E004/0x8001E010` in the library `IURegistryFilter.sys` until a patch is available. Restrict access to the IOCTL Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IOBit Protected Folder versions up to 1.3.0 **Description** A problem has been found in the function `0x22200c` in the library `pffilter.sys` of the component IOCTL Handler. This issue leads to null pointer dereference. The attack must be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For IOBit Protected Folder versions up to 1.3.0, as a temporary workaround, consider disabling the `0x22200c` function in the `pffilter.sys` library until a patch is available. Restrict access to the IOCTL Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IObit Protected Folder versions up to 13.6.0.5 **Description** A problem has been found in the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the component IOCTL Handler, which leads to null pointer dereference. The manipulation must be done locally. The issue has been disclosed to the public. The vendor was contacted about this disclosure but did not respond. **Recommendations** For IObit Protected Folder versions up to 13.6.0.5, as a temporary workaround, consider disabling the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FabulaTech USB over Network version 6.0.6.1 **Description** A problematic issue has been found in the function `0x220420` of the `ftusbbus2.sys` library in the IOCT Handler component. This issue leads to a null pointer dereference. The attack can be launched on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond. **Recommendations** For FabulaTech USB over Network version 6.0.6.1, as a temporary workaround, consider disabling the function `0x220420` in the `ftusbbus2.sys` library until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FabulaTech USB over Network version 6.0.6.1 **Description** A problem was found in the function `0x220448` in the library `ftusbbus2.sys` of the component IOCT Handler, leading to null pointer dereference. The attack must be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For FabulaTech USB over Network version 6.0.6.1, as a temporary workaround, consider disabling the `0x220448` function in the `ftusbbus2.sys` library until a patch is available. Restrict access to the IOCT Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IObit Advanced SystemCare Ultimate versions up to 17.0.0 **Description** A problematic issue has been found, affecting the function 0x8001E000 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack must be approached locally. The issue has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For IObit Advanced SystemCare Ultimate versions up to 17.0.0, as a temporary workaround, consider disabling the function 0x8001E000 in the library AscRegistryFilter.sys until a patch is available. Restrict access to the IOCTL Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IObit Advanced SystemCare Ultimate versions up to 17.0.0 **Description** A problem was found in the function `0x8001E01C` in the library `AscRegistryFilter.sys` of the component IOCTL Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For IObit Advanced SystemCare Ultimate versions up to 17.0.0, as a temporary workaround, consider disabling the `0x8001E01C` function in the `AscRegistryFilter.sys` library until a patch is available. Restrict access to the IOCTL Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IObit Advanced SystemCare Ultimate versions up to 17.0.0 **Description** A vulnerability was found in the function `0x8001E018` in the library `AscRegistryFilter.sys` of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For IObit Advanced SystemCare Ultimate versions up to 17.0.0, as a temporary workaround, consider disabling the `0x8001E018` function in the `AscRegistryFilter.sys` library until a patch is available. Restrict access to the IOCTL Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IObit Advanced SystemCare Ultimate versions up to 17.0.0 **Description** A vulnerability was found in the function `0x8001E024` in the library `AscRegistryFilter.sys` of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For IObit Advanced SystemCare Ultimate versions up to 17.0.0, as a temporary workaround, consider disabling the `0x8001E024` function in the `AscRegistryFilter.sys` library until a patch is available. Restrict access to the IOCTL Handler component to minimize the risk of exploitation. Avoid using the affected library until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IObit Advanced SystemCare Ultimate versions up to 17.0.0 **Description** A problematic vulnerability has been found in IObit Advanced SystemCare Ultimate. This issue affects the function `0x8001E040` in the library `AscRegistryFilter.sys` of the component IOCTL Handler, leading to a null pointer dereference. The attack must be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For IObit Advanced SystemCare Ultimate versions up to 17.0.0, as a temporary workaround, consider disabling the `0x8001E040` function in the `AscRegistryFilter.sys` library until a patch is available. Restrict access to the IOCTL Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IObit Advanced SystemCare Ultimate versions up to 17.0.0 **Description** A problematic issue has been found, affecting the function `0x8001E004` in the library `AscRegistryFilter.sys` of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For IObit Advanced SystemCare Ultimate versions up to 17.0.0, as a temporary workaround, consider disabling the `0x8001E004` function in the `AscRegistryFilter.sys` library until a patch is available. Restrict access to the IOCTL Handler component to minimize the risk of exploitation. Avoid using the affected library until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FabulaTech USB over Network version 6.0.6.1 **Description** A problematic vulnerability has been found in the function `0x22040C` in the library `ftusbbus2.sys` of the component IOCT Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For version 6.0.6.1, as a temporary workaround, consider disabling the function `0x22040C` in the library `ftusbbus2.sys` until a patch is available. Restrict access to the IOCT Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FabulaTech USB over Network version 6.0.6.1 **Description** A problematic vulnerability was found in the function 0x220408 of the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference, requiring a local attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For version 6.0.6.1, as a temporary workaround, consider disabling the function 0x220408 in the library ftusbbus2.sys until a patch is available. Restrict access to the IOCT Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MSI Dragon Center versions up to 2.0.146.0 **Description** A problematic issue was found in the IOCTL Handler component of MSI Dragon Center, affecting the `MmUnMapIoSpace` function in the `NTIOLib X64.sys` library. This leads to a null pointer dereference. The attack can be launched on the local host, potentially allowing unauthorized local access. **Recommendations** For MSI Dragon Center versions up to 2.0.146.0, upgrade to version 2.0.148.0 to address this issue. As a temporary workaround, consider restricting access to the `NTIOLib X64.sys` library until the upgrade is applied.