Uncontrolled Search Path Vulnerability in iTop Data Recovery Pro
CVE-2024-7324

7.8HIGH

Key Information:

Vendor

Iobit

Status
Itop Data Recovery Pro
Vendor
CVE Published:
31 July 2024

What is CVE-2024-7324?

A vulnerability exists in the IObit iTop Data Recovery Pro version 4.4.0.687, specifically in the madbasic_.bpl library, utilized by the BPL Handler component. This issue allows for exploitation through an uncontrolled search path, which could potentially lead to the execution of arbitrary code or files without proper validation. To execute this attack, local access to the system is required, emphasizing the need for secure local user practices. Despite notifications regarding this vulnerability, there has been a lack of response from IObit, highlighting the importance of users being proactive in applying relevant security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

iTop Data Recovery Pro 4.4.0.687

References

https://vuldb.com/?id.273247
vdb-entry
https://vuldb.com/?ctiid.273247
signaturepermissions-required
https://vuldb.com/?submit.378138
third-party-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

daniel.soriano (VulDB User)
JSON
.