Submission #797630: IObit Advanced SystemCare 19 Link Following (Info)

Title: IObit Advanced SystemCare 19 Link Following

Description: A vulnerability exists in the installation routine of Advanced SystemCare that allows a low-privileged local user to achieve an insecure file write as NT AUTHORITY\SYSTEM. The application installer fails to securely handle pre-existing directories in C:\ProgramData\ and doesn't clean the ACLs upon installation. The user leverages the fact that the service (Advanced SystemCare Service 19) is executed at SYSTEM integrity (as found in procmon). Forcing a restart OR installing the program forces the service to execute the ASC.exe executable; this .exe looks for a .ini file under the name of AscService.ini and writes to it. By pre-staging the application's target directory and converting it into a directory symlink (with GoogleZeros Symlink tool) pointing to a protected system location, a low-privileged user can trick the installer into writing configuration files or application data to arbitrary locations on the filesystem, such as C:\Windows. No dedicated security contact or email was found for IObit; generic support forms were deemed insecure for vulnerability disclosure. Previously lodged with MITRE but has been withdrawn prior to submitting this request due to backlogs and funding complications in the USA.

User: usernameone101 (UID 97140)
Submitted: 2026-04-06 05:18 (2 months ago)
Moderation: 2026-05-05 07:56 (29 days later)
Status: Accepted
VulDB Entry: 361111 [IObit Advanced SystemCare 19 Service ASC.exe privilege escalation]
Points: 17
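
A defensive audit for the two preconditions the description names (a pre-existing directory under C:\ProgramData\ that is a link, or that keeps an owner or ACL entries a low-privileged user controls), as an added example that is not part of the submission or of IObit's code. The directory is passed in as `-Path` because the page does not name it, and the list of trusted SIDs is an assumption to adjust per environment.

```powershell
# Added example (not from the submission). Run elevated, for example:
#   .\Test-StagedDirectory.ps1 -Path 'C:\ProgramData\<vendor directory>'
param([Parameter(Mandatory)][string]$Path)   # placeholder: the page does not name the directory

$sidType = [System.Security.Principal.SecurityIdentifier]
# Assumption: only these principals should own or be able to modify the directory.
$trustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
# Rights that allow planting, replacing or re-permissioning content, plus the raw
# GENERIC_WRITE / GENERIC_ALL bits (0x50000000) that can show up in inherit-only ACEs.
$writeMask = ([int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership') -bor 0x50000000

function Get-StagingFinding {
    param([System.IO.DirectoryInfo]$Dir)
    # A junction or directory symlink here redirects a privileged write elsewhere.
    if ($Dir.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
        "$($Dir.FullName): reparse point ($($Dir.LinkType) -> $($Dir.Target))"
        return   # do not evaluate the link target's ACL
    }
    $acl = Get-Acl -LiteralPath $Dir.FullName
    # A directory created before installation keeps its creator as owner.
    $owner = $acl.GetOwner($sidType).Value
    if ($owner -notin $trustedSids) { "$($Dir.FullName): owned by $owner" }
    # Explicit and inherited ACEs, with identities returned as SIDs (locale independent).
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $sid -notin $trustedSids -and
            ([int]$ace.FileSystemRights -band $writeMask)) {
            "$($Dir.FullName): $sid allowed $($ace.FileSystemRights)"
        }
    }
}

$root = Get-Item -LiteralPath $Path -Force
$dirs = @($root)
# List children only when the root itself is a real directory, so the scan never
# walks into whatever a link points at.
if (-not ($root.Attributes -band [System.IO.FileAttributes]::ReparsePoint)) {
    $dirs += @(Get-ChildItem -LiteralPath $Path -Directory -Force)
}
$findings = @($dirs | ForEach-Object { Get-StagingFinding -Dir $_ })
if ($findings.Count) { $findings } else { "No staging indicators under $Path" }
```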
