PT-2022-12271 · Iobit · Iobit Advanced Systemcare

Published: 2022-02-18 · Updated: 2022-03-01 · CVE-2021-44968

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IOBit Advanced SystemCare version 15 pro

Description

A use-after-free issue can be triggered by requests sent in sequential order using the driver's IOCTL codes, which could let a malicious user execute arbitrary code or cause a denial of service (system crash). The IOCTL list includes codes such as 0x8001e01c, 0x8001e020, 0x8001e024, 0x8001e040, 0x8001e044, 0x8001e048, 0x8001e04c, 0x8001e000, 0x8001e004, 0x8001e008, 0x8001e00c, 0x8001e010, 0x8001e014, and 0x8001e018.

Recommendations

As a temporary workaround, consider disabling the use of the IOCTL driver codes until a patch is available. Restrict access to the vulnerable IOCTL list to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Use After Free


Weakness Enumeration

Related Identifiers

CVE-2021-44968

Affected Products

Iobit Advanced Systemcare