CVE-2021-44968

CVE-2021-44968 affects IObit Advanced SystemCare 15 Pro. A Use-after-Free vulnerability arises when requests are sent in sequence using the IOCTL driver codes, potentially allowing arbitrary code execution or a system crash. IOCTLs implicated include 0x8001e01c, 0x8001e020, 0x8001e024, 0x8001e040...

CVE-2021-44968

A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service system crash. IOCTL list: iobitioctl = 0x8001e01c, 0x8001e020, 0x8001e024,...

IObit Advanced SystemCare 资源管理错误漏洞

IObit Advanced SystemCare is a system management utility from IObit UK. The program is mainly used for scanning, repairing and optimizing the system, among other things. IObit Advanced SystemCare 15 pro suffers from a resource management error vulnerability that originates from sending requests...

CVE-2021-21792

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...

CVE-2021-21792

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...

CVE-2021-21790

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...

CVE-2021-21791

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...

CVE-2021-21785

An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet IRP can lead to a disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability...

Information disclosure

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...

Information disclosure

An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet IRP can lead to a disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability...

Information disclosure

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...

CVE-2021-21785

The CVE-2021-21785 issue affects IOBit Advanced SystemCare Ultimate 14.2.0.220. TALOS details show an information-disclosure vulnerability in IOCTL 0x9c40a148, where unprivileged user data reaches HalSetBusDataByOffset via IRP handling, enabling read of device configuration and registers and thus...

CVE-2021-21785

An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet IRP can lead to a disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability...

CVE-2021-21792

The CVE-2021-21792 issue affects IOBit Advanced SystemCare Ultimate 14.2.0.220, where the driver mishandles Privileged I/O read requests via IRP_MJ_DEVICE_CONTROL, allowing a local attacker to perform privileged IN reads from the kernel. TALOS-2021-1255 documents a local exploit path where an att...

CVE-2021-21792

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...

CVE-2021-21791

CVE-2021-21791 is an information-disclosure vulnerability in the IOBit Advanced SystemCare Ultimate 14.2.0.220 driver. TALOS details show that a local attacker can trigger privileged I/O reads via exposed IOCTL paths to the driver (notably 0x9C4060D0 for reading a word via IN). The vulnerability ...

CVE-2021-21791

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...

CVE-2021-21790

The CVE-2021-21790 issue affects IOBit Advanced SystemCare Ultimate 14.2.0.220: a flaw in the driver’s handling of Privileged I/O read requests allows a local attacker to trigger privileged reads from the kernel via crafted IRPs, potentially disclosing sensitive kernel data. TALOS details cover C...

CVE-2021-21790

An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...

Advanced SystemCare Ultimate Elevation of Privilege Vulnerability

Advanced SystemCare Ultimate, a Windows optimization suite from Iobit that analyzes system performance bottlenecks, is vulnerable to an elevation of privilege vulnerability in Advanced SystemCare Ultimate version 14.2.0.220. A local attacker can exploit this vulnerability by sending a malicious I...