| |
Vulnerability CVE-2020-10234
Published: 2021-02-05
Description: |
The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. \DosDevices\AscRegistryFilter and \Device\AscRegistryFilter are affected. |
Type:
NVD-CWE-noinfo
CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:C)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.8/10 |
6.9/10 |
8/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
Confidentiality impact |
Integrity impact |
Availability impact |
None |
None |
Complete |
References: |
https://github.com/FULLSHADE/Kernel-exploits
https://github.com/FULLSHADE/Kernel-exploits/tree/master/AscRegistryFilter.sys
https://www.iobit.com/en/advancedsystemcarefree.php
|
|
|
closedb();
?>
Copyright 2024, cxsecurity.com
|
|
|