Submit #378139: Iobit Driver Booster 11.0.0.0 Uncontrolled Search Path

Title: Iobit Driver Booster 11.0.0.0 Uncontrolled Search Path
Description: A BPL sideloading vulnerability has been discovered in Driver Booster Version 11.0.0.0. When a user opens the RttHlp.exe file (jdekl.exe renamed by the threat actor), the application will load the following BPL from the same directory: VCL120.BPL. Using a crafted BPL, it is possible to execute arbitrary code in the context of the currently logged-in user. Currently there are cybercriminals who are taking advantage of this vulnerability to install malware. https://cyble.com/blog/uac-0184-abuses-python-in-dll-sideloading-for-xworm-distribution/ SHA256: 8aed681ad8d660257c10d2f0e85ae673184055a341901643f27afc38e5ef8473
Source: https://www.helpnetsecurity.com/2024/06/26/malware-bpl-sideloading/
User: daniel.soriano (ID 72214)
Submission: 07/21/2024 08:53 AM (3 months ago)
Moderation: 07/31/2024 02:06 PM (10 days later)
Status: Accepted
VulDB Entry: 273248
Points: 20
