Vulnerabilities > Iobit > Advanced Systemcare

DATE CVE VULNERABILITY TITLE RISK
2022-07-06 CVE-2022-24138 Files or Directories Accessible to External Parties vulnerability in Iobit Advanced Systemcare 15
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users.
local
low complexity
iobit CWE-552
7.8
2022-02-18 CVE-2021-44968 Use After Free vulnerability in Iobit Advanced Systemcare 15
A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service (system crash).
local
low complexity
iobit CWE-416
7.8
2021-02-05 CVE-2020-10234 Unspecified vulnerability in Iobit Advanced Systemcare 13.2
The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver.
network
low complexity
iobit
6.5
2020-06-22 CVE-2020-14990 Link Following vulnerability in Iobit Advanced Systemcare 13.5.0.263
IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature with an NTFS junction and an Object Manager symbolic link.
local
low complexity
iobit CWE-59
7.1
2018-09-26 CVE-2018-16713 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iobit Advanced Systemcare 1.2.0.5
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content.
network
low complexity
iobit CWE-119
6.5
2018-09-26 CVE-2018-16712 Information Exposure vulnerability in Iobit Advanced Systemcare 1.2.0.5
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory.
network
low complexity
iobit CWE-200
6.5
2018-09-26 CVE-2018-16711 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iobit Advanced Systemcare 1.2.0.5
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402088) with a buffer containing user defined content.
network
low complexity
iobit CWE-119
8.8