CVE-2018-18026

HIGH

Iobit Malware Fighter < 6.2 - Out-of-Bounds Write

Title source: rule

Description

IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower versions) is vulnerable to a stack-based buffer overflow. The attacker can use DeviceIoControl to pass a user specified size which can be used to overwrite return addresses. This can lead to a denial of service or code execution attack.

Exploits (1)

nomisec WORKING POC 6 stars

by DownWithUp · poc

https://github.com/DownWithUp/CVE-2018-18026

View Code ZIP pw:eip

References (2)

Core 2

Core References

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/151849

Exploit, Third Party Advisory x_refsource_misc

https://downwithup.github.io/CVEPosts.html

Scores

CVSS v3 7.8

EPSS 0.0205

EPSS Percentile 84.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (1)

iobit/malware_fighter < 6.2

Published Oct 19, 2018

Tracked Since Feb 18, 2026