PT-2018-1951 · Iobit · Iobit Advanced Systemcare

Published

2018-09-25

Updated

2018-12-27

CVE-2018-16712

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions IObit Advanced SystemCare versions 1.2.0.5 and earlier

Description The issue is related to insufficient data protection in the utility. It allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory, potentially disclosing protected information.

Recommendations For IObit Advanced SystemCare versions 1.2.0.5 and earlier, consider restricting access to the Monitor win10 x64.sys and Monitor win7 x64.sys files to minimize the risk of exploitation. As a temporary workaround, avoid using the IOCTL 0x9C406104 until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2018-01558

CVE-2018-16712

Affected Products

Iobit Advanced Systemcare

PT-2018-1951 · Iobit · Iobit Advanced Systemcare

CVE-2018-16712

Weakness Enumeration

Related Identifiers

Affected Products

References · 7