Vulnerabilities > CVE-2020-10234 - Unspecified vulnerability in Iobit Advanced Systemcare 13.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. \DosDevices\AscRegistryFilter and \Device\AscRegistryFilter are affected.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- https://github.com/FULLSHADE/Kernel-exploits
- https://github.com/FULLSHADE/Kernel-exploits/tree/master/AscRegistryFilter.sys
- https://www.iobit.com/en/advancedsystemcarefree.php
- https://github.com/FULLSHADE/Kernel-exploits
- https://www.iobit.com/en/advancedsystemcarefree.php
- https://github.com/FULLSHADE/Kernel-exploits/tree/master/AscRegistryFilter.sys