CVE-2024-12662

Summary

CVE-2024-12662 is a recently disclosed vulnerability affecting IObit Advanced SystemCare Ultimate versions up to 17.0.0. The issue lies within the AscRegistryFilter.sys library's IOCTL Handler function (0x8001E040), which contains a problematic null pointer dereference vulnerability. An attacker can locally exploit this flaw by manipulating the input, leading to potential crashes or code execution. Unfortunately, the exploit for this vulnerability has been made public, increasing the risk to affected systems. Despite early contact from security researchers, the vendor has yet to respond or release a patch.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.