Multiple vulnerabilities in IObit Malware Fighter
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2018-19085 CVE-2018-19084 CVE-2018-19086 CVE-2018-19087 CVE-2018-18714 CVE-2018-18026 |
| CWE-ID | CWE-121 |
| Exploitation vector | Local |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. |
| Vulnerable software Subscribe |
IObit Malware Fighter Client/Desktop applications / Antivirus software/Personal firewalls |
| Vendor | IObit |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Stack-based buffer overflow
EUVDB-ID: #VU15798
Risk: Low
CVSSv3.1: 7.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-19085
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to a boundary error when an attacker uses IOCTL 0x8006E048 with a size larger than 8 bytes within the RegFilter.sys driver. A local user can trigger stack-based buffer overflow and cause denial of service or code execution with root privileges.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
IObit Malware Fighter: 6.2.0 - 6.3.0
External linkshttp://downwithup.github.io/CVEPosts.html
http://github.com/DownWithUp/CVE-Stockpile-2018/blob/master/CVE-2018-19085.c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Stack-based buffer overflow
EUVDB-ID: #VU15799
Risk: Low
CVSSv3.1: 7.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-19084
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to a boundary error when an attacker uses IOCTL 0x8006E05C with a size larger than 8 bytes within RegFilter.sys. A local user can trigger stack-based buffer overflow and cause denial of service or code execution with root privileges.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsIObit Malware Fighter: 6.2.0 - 6.3.0
External linkshttp://downwithup.github.io/CVEPosts.html
http://github.com/DownWithUp/CVE-Stockpile-2018/blob/master/CVE-2018-19084.c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Stack-based buffer overflow
EUVDB-ID: #VU15800
Risk: Low
CVSSv3.1: 7.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-19086
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to a boundary error when an attacker uses IOCTL 0x8006E040 with a size larger than 8 bytes within RegFilter.sys. A local user can trigger stack-based buffer overflow and cause denial of service or code execution with root privileges.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsIObit Malware Fighter: 6.2.0 - 6.3.0
External linkshttp://downwithup.github.io/CVEPosts.html
http://github.com/DownWithUp/CVE-Stockpile-2018/blob/master/CVE-2018-19086.c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Stack-based buffer overflow
EUVDB-ID: #VU15801
Risk: Low
CVSSv3.1: 7.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-19087
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to a boundary error when an attacker uses IOCTL 0x8006E044 with a size larger than 8 bytes within RegFilter.sys. A local user can trigger stack-based buffer overflow and cause denial of service or code execution with root privileges.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsIObit Malware Fighter: 6.2.0 - 6.3.0
External linkshttp://downwithup.github.io/CVEPosts.html
http://github.com/DownWithUp/CVE-Stockpile-2018/blob/master/CVE-2018-19087.c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Stack-based buffer overflow
EUVDB-ID: #VU15802
Risk: Low
CVSSv3.1: 7.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-18714
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to a boundary error when an attacker uses IOCTL 0x8006E010 within RegFilter.sys. A local user can trigger stack-based buffer overflow and cause denial of service (DoS) or code execution with root privileges.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsIObit Malware Fighter: 6.2.0 - 6.3.0
External linkshttp://downwithup.github.io/CVEPosts.html
http://github.com/DownWithUp/CVE-2018-18714
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Stack-based buffer overflow
EUVDB-ID: #VU15803
Risk: Low
CVSSv3.1: 7.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-18026
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in IMFCameraProtect.sys driver. A local user can use DeviceIoControl to pass a user specified size which can be used to overwrite return addresses, trigger stack-based buffer overflow and execute arbitrary code on the target system with elevated privileges.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsIObit Malware Fighter: 6.2.0 - 6.3.0
External linkshttp://downwithup.github.io/CVEPosts.html
http://github.com/DownWithUp/CVE-2018-18026
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
