SB2018112209 - Multiple vulnerabilities in IObit Malware Fighter
Published: November 22, 2018
Description
This security bulletin contains information about 6 security vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2018-19085)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to a boundary error when an attacker uses IOCTL 0x8006E048 with a size larger than 8 bytes within the RegFilter.sys driver. A local user can trigger a stack-based buffer overflow and cause denial of service or code execution with root privileges.
2) Stack-based buffer overflow (CVE-ID: CVE-2018-19084)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to a boundary error when an attacker uses IOCTL 0x8006E05C with a size larger than 8 bytes within RegFilter.sys. A local user can trigger a stack-based buffer overflow and cause denial of service or code execution with root privileges.
3) Stack-based buffer overflow (CVE-ID: CVE-2018-19086)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to a boundary error when an attacker uses IOCTL 0x8006E040 with a size larger than 8 bytes within RegFilter.sys. A local user can trigger a stack-based buffer overflow and cause denial of service or code execution with root privileges.
4) Stack-based buffer overflow (CVE-ID: CVE-2018-19087)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to a boundary error when an attacker uses IOCTL 0x8006E044 with a size larger than 8 bytes within RegFilter.sys. A local user can trigger a stack-based buffer overflow and cause denial of service or code execution with root privileges.
5) Stack-based buffer overflow (CVE-ID: CVE-2018-18714)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to a boundary error when an attacker uses IOCTL 0x8006E010 within RegFilter.sys. A local user can trigger a stack-based buffer overflow and cause denial of service (DoS) or code execution with root privileges.
6) Stack-based buffer overflow (CVE-ID: CVE-2018-18026)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the IMFCameraProtect.sys driver. A local user can use DeviceIoControl to pass a user-specified size which can be used to overwrite return addresses, trigger a stack-based buffer overflow and execute arbitrary code on the target system with elevated privileges.
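The boundary error described in items 1 to 4 is a caller-supplied length reaching a copy into a fixed-size stack buffer unchecked. The block below is an added example, not code from the vendor, the driver or the referenced repositories: a portable user-mode model of an IOCTL handler that validates the length first. The function name handle_ioctl, the status constants and the 8-byte request buffer are assumptions made for illustration; only the IOCTL codes come from the bulletin.

```c
/* User-mode model of an IOCTL dispatch routine (constructed for illustration;
   not RegFilter.sys code). Status names only echo the NTSTATUS naming style. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { ST_SUCCESS, ST_INVALID_PARAMETER, ST_INVALID_BUFFER_SIZE,
       ST_INVALID_DEVICE_REQUEST };

#define REQ_SIZE 8u /* assumption: fixed 8-byte stack buffer */

/* IOCTL codes the bulletin lists for the "larger than 8 bytes" cases. */
static const uint32_t k_codes[] = { 0x8006E048u, 0x8006E05Cu,
                                    0x8006E040u, 0x8006E044u };

static int known_code(uint32_t code) {
    for (size_t i = 0; i < sizeof k_codes / sizeof k_codes[0]; i++)
        if (k_codes[i] == code) return 1;
    return 0;
}

/* Hardened handler. The flawed pattern copies in_len bytes into `request`
   without comparing in_len to sizeof request. */
int handle_ioctl(uint32_t code, const void *in, size_t in_len, uint64_t *out) {
    unsigned char request[REQ_SIZE];

    if (!known_code(code)) return ST_INVALID_DEVICE_REQUEST;
    if (in == NULL || out == NULL) return ST_INVALID_PARAMETER;
    /* Reject any length other than the expected one, before copying. */
    if (in_len != sizeof request) return ST_INVALID_BUFFER_SIZE;

    memcpy(request, in, sizeof request); /* constant length, never in_len */
    memcpy(out, request, sizeof *out);   /* stand-in for real processing */
    return ST_SUCCESS;
}

int main(void) {
    unsigned char ok[8] = { 1, 2, 3, 4, 5, 6, 7, 8 }; /* constructed input */
    unsigned char big[64] = { 0 };                     /* constructed input */
    uint64_t out = 0;
    printf("8 bytes  -> %d\n", handle_ioctl(0x8006E048u, ok, sizeof ok, &out));
    printf("64 bytes -> %d\n", handle_ioctl(0x8006E048u, big, sizeof big, &out));
    return 0;
}
```

In a real driver the same check is applied to the input buffer length taken from the I/O request before the buffer is touched, and the request is completed with an error status when the length does not match.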
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://downwithup.github.io/CVEPosts.html
- https://github.com/DownWithUp/CVE-Stockpile-2018/blob/master/CVE-2018-19085.c
- https://github.com/DownWithUp/CVE-Stockpile-2018/blob/master/CVE-2018-19084.c
- https://github.com/DownWithUp/CVE-Stockpile-2018/blob/master/CVE-2018-19086.c
- https://github.com/DownWithUp/CVE-Stockpile-2018/blob/master/CVE-2018-19087.c
- https://github.com/DownWithUp/CVE-2018-18714
- https://github.com/DownWithUp/CVE-2018-18026