CVE-2018-16711: Buffer Overflow
First published: Wed Sep 26 2018(Updated: )
IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402088) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for input.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Iobit Advanced Systemcare | <=1.2.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-16711?
CVE-2018-16711 is a vulnerability in IObit Advanced SystemCare, which allows a user to send an IOCTL with a buffer containing user-defined content, leading to the execution of unauthorized instructions.
What is the severity of CVE-2018-16711?
The severity of CVE-2018-16711 is rated as high with a CVSS score of 8.8.
How does CVE-2018-16711 affect IObit Advanced SystemCare?
CVE-2018-16711 affects IObit Advanced SystemCare versions 1.2.0.5 and possibly earlier, specifically targeting the Monitor_win10_x64.sys or Monitor_win7_x64.sys driver, allowing unauthorized actions.
How can the vulnerability CVE-2018-16711 be exploited?
The vulnerability CVE-2018-16711 can be exploited by sending an IOCTL (0x9C402088) with a buffer containing user-defined content to execute unauthorized instructions by the driver's subroutine.
Is there a fix available for CVE-2018-16711?
It is recommended to update the affected IObit Advanced SystemCare version to the latest available, which does not have this vulnerability.
- collector/nvd-index
- vendor/iobit
- canonical/iobit advanced systemcare
- version/iobit advanced systemcare/1.2.0.5