Uncontrolled Search Path Vulnerability in iTop Data Recovery Pro
CVE-2024-7324

7.8HIGH

Key Information:

Vendor: Iobit
Status: Itop Data Recovery Pro
Vendor: CVE Published:; 31 July 2024

What is CVE-2024-7324?

A vulnerability exists in the IObit iTop Data Recovery Pro version 4.4.0.687, specifically in the madbasic_.bpl library, utilized by the BPL Handler component. This issue allows for exploitation through an uncontrolled search path, which could potentially lead to the execution of arbitrary code or files without proper validation. To execute this attack, local access to the system is required, emphasizing the need for secure local user practices. Despite notifications regarding this vulnerability, there has been a lack of response from IObit, highlighting the importance of users being proactive in applying relevant security measures.

Affected Version(s)

iTop Data Recovery Pro 4.4.0.687

References

https://vuldb.com/?id.273247

vdb-entry

https://vuldb.com/?ctiid.273247

signaturepermissions-required

https://vuldb.com/?submit.378138

third-party-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2024
Vulnerability Reserved
Jul 31, 2024

Credit

daniel.soriano (VulDB User)

Iobit

What is CVE-2024-7324?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit