| Название | IObit Advanced SystemCare 19 Link Following |
|---|
| Описание | A vulnerability exists in the installation routine of Advanced SystemCare that allows a low-privileged local user to achieve an insecure file write as NT AUTHORITY\SYSTEM. The application installer fails to securely handle pre-existing directories in C:\ProgramData\ and doesn't clean the ACLs upon installation. The user leverages the fact that the service (Advanced SystemCare Service 19) is executed as SYSTEM integrity (as found in procmon). Forcing a restart OR installing the program forces the Service to execute the ASC.exe executable, this .exe looks for a .ini file under the name of AscService.ini and writes to it. By pre-staging the application's target directory and converting it into a directory symlink (with GoogleZeros Symlink tool) pointing to a protected system location, a low-privileged user can trick the installer into writing configuration files or application data to arbitrary locations on the filesystem, such as C:\Windows.
No dedicated security contact or email was found for IObit; generic support forms were deemed insecure for vulnerability disclosure.
Previously lodged with MITRE but has been withdrawn prior to submitting this request due to backlogs and funding complications in the USA. |
|---|
| Пользователь | usernameone101 (UID 97140) |
|---|
| Представление | 06.04.2026 05:18 (2 месяцы назад) |
|---|
| Модерация | 05.05.2026 07:56 (29 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 361111 [IObit Advanced SystemCare 19 Service ASC.exe эскалация привилегий] |
|---|
| Баллы | 17 |
|---|