IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.
Attack Parameters
Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v4.0
Weakness Type (CWE)
References 4
http://www.iobit.com/en/advancedsystemcarefree.php#
disclosure@vulncheck.com
http://www.iobit.com/en/index.php
disclosure@vulncheck.com
https://www.exploit-db.com/exploits/40577
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/iobit-advanced-systemcare-unquoted-service…
disclosure@vulncheck.com