IOCTL Vulnerability in IObit Malware Fighter Enables Unauthorized File Deletion
CVE-2019-6494

6.5MEDIUM

Key Information:

Vendor: Iobit
Status: Malware Fighter
Vendor: CVE Published:; 30 April 2019

What is CVE-2019-6494?

A vulnerability exists in IObit Malware Fighter 6.2 that allows a low-privileged user to exploit the IMFForceDelete.sys component by sending an IOCTL command (0x8016E000) along with a user-defined string to target a file. This can lead to the immediate deletion of the specified file, circumventing existing file access controls and posing a significant security risk.

References

https://downwithup.github.io/CVEPosts.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2019
Vulnerability Reserved
Jan 18, 2019

Iobit

What is CVE-2019-6494?

References

CVSS V3.1

Timeline