Unrated severityNVD Advisory· Published Jul 6, 2022· Updated Aug 3, 2024
CVE-2022-24138
CVE-2022-24138
Description
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3(expand)+ 1 more
- (no CPE)
- (no CPE)range: 15
Patches
Vulnerability mechanics
References
2- advanced.commitrex_refsource_MISC
- iobit.commitrex_refsource_MISC
News mentions
0No linked articles in our index yet.