CVE-2024-12657

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 16, 2024

Updated: Dec 19, 2024

CWE ID 404

CWE ID 476

Summary

CVE-2024-12657 is a newly disclosed vulnerability affecting IObit Advanced SystemCare Ultimate versions up to 17.0.0. The issue lies in the AscRegistryFilter.sys library's IOCTL Handler component and its function 0x8001E000. The manipulation of this function results in a null pointer dereference, which can be exploited locally. The vulnerability has been made public, and an exploit is available. Despite early notification, the vendor has not responded to the disclosure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

IOBIT ADVANCED SYSTEM CARE ULTIMATE

Affected Vendors

IObit

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/1paXuO
https://www.cve.org/CVERecord?id=CVE-2024-12657
https://nvd.nist.gov/vuln/detail/CVE-2024-12657

Back to Vulnerability Database