Arbitrary Code Execution Vulnerability in IObit Advanced SystemCare

Arbitrary Code Execution Vulnerability in IObit Advanced SystemCare

CVE-2018-16711 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402088) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for input.

Learn more about our User Device Pen Test.