Arbitrary File Manipulation in IOBit Unlocker by IOBit
CVE-2020-14975

7.8HIGH

Key Information:

Vendor: Iobit
Status: Iobit Unlocker
Vendor: CVE Published:; 23 June 2020

What is CVE-2020-14975?

IOBit Unlocker version 1.1.2 has a vulnerability that allows low-privileged users to perform unauthorized file manipulations. By exploiting the IOCTL code 0x222124, these users can delete, move, or copy arbitrary files without adequate permissions. This poses a significant risk, as it undermines file integrity and system security. It is essential for users and organizations to patch this vulnerability to safeguard their systems against potential attacks.

References

https://www.iobit.com/en/iobit-unlocker.php

x_refsource_MISC

https://theevilbit.github.io/posts/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2020
Vulnerability Reserved
Jun 22, 2020

Iobit

What is CVE-2020-14975?

References

CVSS V3.1

Timeline