523 matches found
CVE-2022-24138
IOBit Advanced System Care Asc.exe 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with ...
CVE-2022-24138
IOBit Advanced System Care Asc.exe 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with ...
Code injection
IOBit Advanced System Care Asc.exe 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with ...
Remote code execution
IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the update from the file a...
CVE-2022-24140
The CVE-2022-24140 entry affects IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot. The issue arises in the update mechanism: products fetch a config file via HTTP, parse the update location from that file, and automatically install updat...
CVE-2022-24140
IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the update from the file a...
CVE-2022-24139
In IOBit Advanced System Care AscService.exe 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to...
CVE-2022-24139
The CVE concerns IOBit Advanced System Care, ASCService.exe (version 15). An attacker with SEImpersonatePrivilege can create a named pipe that reuses one of ASCService’s expected named pipe names. ASCService first attempts to connect to the named pipe before creating its pipes, so during login th...
CVE-2022-24138
CVE-2022-24138 affects IOBit Advanced System Care (Asc.exe) 15 and Action Download Center. The root cause is that components are downloaded into the ProgramData folder, which has broad (rwx) permissions for unprivileged users, allowing a low-privilege user to exploit SetOpLock to wait for CreateP...
CVE-2022-24138
IOBit Advanced System Care Asc.exe 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with ...
IOBit Advanced System Care (Asc.exe) 15、Action Download Center 安全漏洞
IOBit Advanced System Care Free and IOBit Action Download Center are both products of the British company IOBit.IOBit Advanced System Care Free is a system management utility. The program is mainly used for scanning, repairing and optimizing the system, etc.IOBit Action Download Center is a...
IOBit Advanced System Care Free 安全漏洞
IOBit Advanced System Care Free is a system management utility from IOBit UK. The program is mainly used for scanning, repairing and optimizing your system, among other things. A security vulnerability exists in IOBit Advanced System Care Free 15. An attacker has exploited the vulnerability to...
多款IOBit产品安全漏洞
IOBit Advanced System Care Free is a system management utility. iTop Screen Recorder is a powerful free Windows screen recorder. iTop VPN is a VPN software. iTop VPN is a VPN software. IOBit Advanced System Care Free is a system management utility. iTop Screen Recorder is a product of iTop. iTop...
CVE-2022-24562
In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system with admin privileges on the victim's endpoint, which can result in data theft and remote code execution...
Remote code execution
In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system with admin privileges on the victim's endpoint, which can result in data theft and remote code execution...
CVE-2022-24562
IOTransfer 4.3.1.1561 exposes an unauthenticated remote-access flaw in the Airserv component. An attacker can send GET/POST requests to Airserv and gain arbitrary read/write access to the entire filesystem with admin privileges, enabling potential data theft and remote code execution. The issue i...
CVE-2022-24562
In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system with admin privileges on the victim's endpoint, which can result in data theft and remote code execution...
CVE-2021-44968
A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service system crash. IOCTL list: iobitioctl = 0x8001e01c, 0x8001e020, 0x8001e024,...
CVE-2021-44968
A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service system crash. IOCTL list: iobitioctl = 0x8001e01c, 0x8001e020, 0x8001e024,...
Design/Logic Flaw
A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service system crash. IOCTL list: iobitioctl = 0x8001e01c, 0x8001e020, 0x8001e024,...