Null Pointer Dereference in IObit Advanced SystemCare Ultimate
CVE-2024-12662

5.5 MEDIUM

Key Information:

Vendor: IObit
CVE Published: 16 December 2024

What is CVE-2024-12662?

CVE-2024-12662 is a high-risk vulnerability in IObit Advanced SystemCare Ultimate affecting versions up to 17.0.0. The flaw is a null pointer dereference in function 0x8001E040 of the IOCTL handler in the AscRegistryFilter.sys library. An attacker with local access could exploit it, potentially leading to system instability or unauthorized actions. The exploit has been publicly disclosed, and the vendor has remained unresponsive to mitigation efforts. Users are encouraged to review their software versions and apply necessary security measures.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published