Null Pointer Dereference Vulnerability in IObit Advanced SystemCare Ultimate
CVE-2024-12661

Currently unrated

Key Information:

Vendor: IObit
Vendor: CVE Published:; 16 December 2024

What is CVE-2024-12661?

CVE-2024-12661 is a high-risk vulnerability affecting IObit Advanced SystemCare Ultimate, specifically in the AscRegistryFilter.sys component, known for its IOCTL handler functionality. This vulnerability arises from a null pointer dereference, which can potentially allow attackers to disrupt system operations by exploiting the affected function (0x8001E024). Local exploitation is necessary, and despite early notification to the vendor, no response was received. It's crucial for users of any version up to 17.0.0 to implement appropriate security measures to mitigate the risks associated with this vulnerability.

References

https://shareforall.notion.site/IOBit-Advanced-SystemCare...

https://vuldb.com/?ctiid.288530

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2024