Denial of Service Vulnerability in Advanced SystemCare Ultimate by IObit
CVE-2018-9002

7.8HIGH

Key Information:

Vendor: Iobit
Status: Advanced Systemcare Ultimate
Vendor: CVE Published:; 25 March 2018

What is CVE-2018-9002?

In version 11.0.1.58 of Advanced SystemCare Ultimate, a critical driver file, Monitor_win7_x64.sys, fails to validate input values from the IOCtl command 0x9c4060cc. This lack of proper validation opens the door for local users to trigger a denial of service scenario, potentially leading to a blue screen of death (BSOD), and may introduce other unspecified impacts on the system functionality. Users running this version should take immediate action to mitigate the risk associated with this vulnerability.

References

https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2018
Vulnerability Reserved
Mar 24, 2018

Iobit

What is CVE-2018-9002?

References

CVSS V3.1

Timeline