IObit Advanced SystemCare Utimate जोपर्यंत 17.0.0 IOCTL AscRegistryFilter.sys 0x8001E004 सेवा नाकारली

एक असुरक्षितता जी समस्याग्रस्त म्हणून वर्गीकृत आहे, ती IObit Advanced SystemCare Utimate जोपर्यंत 17.0.0 मध्ये आढळली आहे. प्रभावित आहे फंक्शन 0x8001E004 लायब्ररी AscRegistryFilter.sys मध्ये घटक IOCTL Handler च्या. सॉफ्टवेअरमध्ये केलेले बदल सेवा नाकारली यास कारणीभूत ठरतात. CWE वापरून समस्या घोषित केल्याने CWE-476 कडे नेले जाते. कमजोरी प्रकाशित करण्यात आली होती 16/12/2024. सल्ला डाउनलोडसाठी shareforall.notion.site येथे शेअर केला आहे. ही दुर्बलता CVE-2024-12659 म्हणून ओळखली जाते. हल्ला स्थानिक पातळीवर केला जावा लागतो. तांत्रिक तपशील उपलब्ध आहेत. यासाठी एक एक्स्प्लॉइट उपलब्ध आहे. शोषण सार्वजनिकपणे उघड झाले आहे आणि वापरले जाऊ शकते. सध्याच्या घडीला अंदाजे USD $0-$5k असू शकतो. हे प्रूफ-ऑफ-कॉन्सेप्ट म्हणून घोषित केले आहे. शोषण डाउनलोडसाठी shareforall.notion.site येथे शेअर केले आहे. 0-डे म्हणून अंदाजे अंडरग्राउंड किंमत सुमारे $0-$5k होती. VulDB is the best source for vulnerability data and more expert information about this specific topic.

3 बदल · 98 डेटा पॉइंट्स

शेततयार केली
16/12/2024 09:42 AM		अद्ययावत 1/2
17/12/2024 02:43 AM		अद्ययावत 2/2
19/12/2024 04:02 PM
software_vendorIObitIObitIObit
software_nameAdvanced SystemCare UtimateAdvanced SystemCare UtimateAdvanced SystemCare Utimate
software_version<=17.0.0<=17.0.0<=17.0.0
software_componentIOCTL HandlerIOCTL HandlerIOCTL Handler
software_libraryAscRegistryFilter.sysAscRegistryFilter.sysAscRegistryFilter.sys
software_function0x8001E0040x8001E0040x8001E004
vulnerability_cweCWE-476 (सेवा नाकारली)CWE-476 (सेवा नाकारली)CWE-476 (सेवा नाकारली)
vulnerability_risk111
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aHHH
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
advisory_urlhttps://shareforall.notion.site/IOBit-Advanced-SystemCare-Utimate-AscRegistryFilter-0x8001E004-NPD-DOS-15160437bb1e804cbe8fd4d826f8564fhttps://shareforall.notion.site/IOBit-Advanced-SystemCare-Utimate-AscRegistryFilter-0x8001E004-NPD-DOS-15160437bb1e804cbe8fd4d826f8564fhttps://shareforall.notion.site/IOBit-Advanced-SystemCare-Utimate-AscRegistryFilter-0x8001E004-NPD-DOS-15160437bb1e804cbe8fd4d826f8564f
exploit_availability111
exploit_publicity111
exploit_urlhttps://shareforall.notion.site/IOBit-Advanced-SystemCare-Utimate-AscRegistryFilter-0x8001E004-NPD-DOS-15160437bb1e804cbe8fd4d826f8564fhttps://shareforall.notion.site/IOBit-Advanced-SystemCare-Utimate-AscRegistryFilter-0x8001E004-NPD-DOS-15160437bb1e804cbe8fd4d826f8564fhttps://shareforall.notion.site/IOBit-Advanced-SystemCare-Utimate-AscRegistryFilter-0x8001E004-NPD-DOS-15160437bb1e804cbe8fd4d826f8564f
source_cveCVE-2024-12659CVE-2024-12659CVE-2024-12659
cna_responsibleVulDBVulDBVulDB
response_summaryThe vendor was contacted early about this disclosure but did not respond in any way.The vendor was contacted early about this disclosure but did not respond in any way.The vendor was contacted early about this disclosure but did not respond in any way.
cvss2_vuldb_avLLL
cvss2_vuldb_acLLL
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiCCC
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss4_vuldb_avLLL
cvss4_vuldb_acLLL
cvss4_vuldb_prLLL
cvss4_vuldb_uiNNN
cvss4_vuldb_vcNNN
cvss4_vuldb_viNNN
cvss4_vuldb_vaHHH
cvss4_vuldb_ePPP
cvss2_vuldb_auSSS
cvss2_vuldb_rlNDNDND
cvss3_vuldb_rlXXX
cvss4_vuldb_atNNN
cvss4_vuldb_scNNN
cvss4_vuldb_siNNN
cvss4_vuldb_saNNN
cvss2_vuldb_basescore4.64.64.6
cvss2_vuldb_tempscore3.93.93.9
cvss3_vuldb_basescore5.55.55.5
cvss3_vuldb_tempscore5.05.05.0
cvss3_meta_basescore5.55.55.5
cvss3_meta_tempscore5.05.25.3
cvss4_vuldb_bscore6.86.86.8
cvss4_vuldb_btscore5.45.45.4
advisory_date1734303600 (16/12/2024)1734303600 (16/12/2024)1734303600 (16/12/2024)
price_0day$0-$5k$0-$5k$0-$5k
cve_nvd_summaryA vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. It has been classified as problematic. Affected is the function 0x8001E004 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. It has been classified as problematic. Affected is the function 0x8001E004 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
cvss4_cna_avLL
cvss4_cna_acLL
cvss4_cna_atNN
cvss4_cna_prLL
cvss4_cna_uiNN
cvss4_cna_vcNN
cvss4_cna_viNN
cvss4_cna_vaHH
cvss4_cna_scNN
cvss4_cna_siNN
cvss4_cna_saNN
cvss4_cna_bscore6.86.8
cvss3_cna_avLL
cvss3_cna_acLL
cvss3_cna_prLL
cvss3_cna_uiNN
cvss3_cna_sUU
cvss3_cna_cNN
cvss3_cna_iNN
cvss3_cna_aHH
cvss3_cna_basescore5.55.5
cvss2_cna_avLL
cvss2_cna_acLL
cvss2_cna_auSS
cvss2_cna_ciNN
cvss2_cna_iiNN
cvss2_cna_aiCC
cvss2_cna_basescore4.64.6
cve_nvd_summaryesSe ha encontrado una vulnerabilidad en IObit Advanced SystemCare Ultimate hasta la versión 17.0.0. Se ha clasificado como problemática. La función afectada es 0x8001E004 en la librería AscRegistryFilter.sys del componente IOCTL Handler. La manipulación provoca la desreferenciación de puntero nulo. Es necesario realizar un ataque local. El exploit se ha hecho público y puede utilizarse. Se contactó al proveedor con anticipación sobre esta revelación, pero no respondió de ninguna manera.
cvss3_nvd_avL
cvss3_nvd_acL
cvss3_nvd_prL
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cN
cvss3_nvd_iN
cvss3_nvd_aH
cvss3_nvd_basescore5.5

मागील बाजूससिंहावलोकनपुढील

Do you want to use VulDB in your project?

Use the official API to access entries easily!