PT-2024-5613 · Iobit · Iobit Itop Data Recovery Pro
Daniel.Soriano
·
Published
2024-07-31
·
Updated
2024-08-12
·
CVE-2024-7324
CVSS v2.0
6.8
Medium
| Vector | AV:L/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
IObit iTop Data Recovery Pro version 4.4.0.687
Description
The issue is related to an uncontrolled search path element in the BPL Handler component of the IObit iTop Data Recovery Pro. This can be exploited to execute arbitrary commands. Local access is required for the attack. The vulnerability affects an unknown functionality in the madbasic .bpl library.
Recommendations
For IObit iTop Data Recovery Pro version 4.4.0.687, patch immediately to prevent exploitation of sensitive data on affected systems. As a temporary workaround, consider restricting access to the madbasic .bpl library until a patch is available.
Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Iobit Itop Data Recovery Pro