IObit Malware Fighter 9.4.0.776 IOCTL ObCallbackProcess.sys 0x222010 denial of service

VoceHistoryjsonxmlCTI

In IObit Malware Fighter 9.4.0.776 è stata rilevato un punto critico di livello problematico. Riguarda la funzione 0x222010 nella libreria ObCallbackProcess.sys del componente IOCTL Handler. La manipolazione di un input sconosciuto se causa una vulnerabilità di classe denial of service. L'advisory è scaricabile da github.com. Questo punto di criticità è identificato come CVE-2023-1640. L'attacco necessita di essere iniziato localmente. I dettagli tecnici sono conosciuti. È stato dichiarato come proof-of-concept. L'exploit è scaricabile da drive.google.com. Una possibile soluzione è stata pubblicata già prima e non dopo la pubblicazione della vulnerabilità.

Campo	27/03/2023 07:47	15/04/2023 11:25	15/04/2023 11:32
vendor	IObit	IObit	IObit
name	Malware Fighter	Malware Fighter	Malware Fighter
version	9.4.0.776	9.4.0.776	9.4.0.776
component	IOCTL Handler	IOCTL Handler	IOCTL Handler
library	ObCallbackProcess.sys	ObCallbackProcess.sys	ObCallbackProcess.sys
function	0x222010	0x222010	0x222010
cwe	404 (denial of service)	404 (denial of service)	404 (denial of service)
risk	1	1	1
cvss3_vuldb_av	L	L	L
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	H	H	H
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
url	https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1640	https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1640	https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1640
availability	1	1	1
publicity	1	1	1
url	https://drive.google.com/file/d/1AcwSxTA0_zh7mmxU5J8WphRqg_mQsO-g/view	https://drive.google.com/file/d/1AcwSxTA0_zh7mmxU5J8WphRqg_mQsO-g/view	https://drive.google.com/file/d/1AcwSxTA0_zh7mmxU5J8WphRqg_mQsO-g/view
cve	CVE-2023-1640	CVE-2023-1640	CVE-2023-1640
responsible	VulDB	VulDB	VulDB
date	1679785200 (26/03/2023)	1679785200 (26/03/2023)	1679785200 (26/03/2023)
type	Anti-Malware Software	Anti-Malware Software	Anti-Malware Software
cvss2_vuldb_av	L	L	L
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	C	C	C
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	4.6	4.6	4.6
cvss2_vuldb_tempscore	3.9	3.9	3.9
cvss3_vuldb_basescore	5.5	5.5	5.5
cvss3_vuldb_tempscore	5.0	5.0	5.0
cvss3_meta_basescore	5.5	5.5	5.5
cvss3_meta_tempscore	5.0	5.0	5.3
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1679785200 (26/03/2023)	1679785200 (26/03/2023)
cve_nvd_summary		A vulnerability classified as problematic was found in IObit Malware Fighter 9.4.0.776. This vulnerability affects the function 0x222010 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224020.	A vulnerability classified as problematic was found in IObit Malware Fighter 9.4.0.776. This vulnerability affects the function 0x222010 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224020.
cvss3_nvd_av			L
cvss3_nvd_ac			L
cvss3_nvd_pr			L
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			N
cvss3_nvd_i			N
cvss3_nvd_a			H
cvss2_nvd_av			L
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			N
cvss2_nvd_ii			N
cvss2_nvd_ai			C
cvss3_cna_av			L
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			N
cvss3_cna_a			H
cve_cna			VulDB
cvss2_nvd_basescore			4.6
cvss3_nvd_basescore			5.5
cvss3_cna_basescore			5.5

◂ Precedente Visione D'insieme Il prossimo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!