CVE-2024-12660

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 16, 2024

Updated: Dec 19, 2024

CWE ID 404

CWE ID 476

Summary

CVE-2024-12660 is a newly disclosed vulnerability affecting IObit Advanced SystemCare Ultimate versions up to 17.0.0. The issue lies in the AscRegistryFilter.sys component's IOCTL Handler library and its 0x8001E018 function. This vulnerability results in a null pointer dereference, which can be exploited locally to launch attacks. Despite early disclosure to the vendor, no response or patch has been provided, making the exploit publicly available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

IOBIT ADVANCED SYSTEM CARE ULTIMATE

Affected Vendors

IObit

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/1pdW8_
https://www.cve.org/CVERecord?id=CVE-2024-12660
https://nvd.nist.gov/vuln/detail/CVE-2024-12660

Back to Vulnerability Database