User Privilege Escalation in IObit Advanced SystemCare
CVE-2018-16712

6.5MEDIUM

Key Information:

Vendor: Iobit
Status: Advanced Systemcare
Vendor: CVE Published:; 26 September 2018

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2018-16712?

IObit Advanced SystemCare versions 1.2.0.5 and earlier are vulnerable to a user privilege escalation issue. This vulnerability allows attackers to manipulate the device driver Monitor_win10_x64.sys or Monitor_win7_x64.sys by sending a specially crafted IOCTL command (0x9C406104). By exploiting this flaw, unauthorized users can access sensitive physical memory, posing significant security risks to affected systems.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-16712
Created by DownWithUp

References

https://downwithup.github.io/CVEPosts.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 26, 2018
🟡
Public PoC available
Sep 23, 2018
👾
Exploit known to exist
Sep 23, 2018
Vulnerability Reserved
Sep 7, 2018