CVE-2018-18026

HIGH

IObit Malware Fighter < 6.2 - Stack-based Buffer Overflow via DeviceIoControl

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-18026. PoCs published by DownWithUp.

AI-analyzed exploit summary: This PoC exploits a stack overflow vulnerability in the IMFCameraProtectDevice driver (CVE-2018-18026) to achieve local privilege escalation via a crafted IOCTL call and ROP chain. The shellcode disables SMEP and executes arbitrary code in kernel mode.

Description

IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower versions) is vulnerable to a stack-based buffer overflow. The attacker can use DeviceIoControl to pass a user-specified size, which can be used to overwrite return addresses. This can lead to a denial of service or code execution attack.

Exploits (1)

nomisec WORKING POC 6 stars
by DownWithUp · poc
https://github.com/DownWithUp/CVE-2018-18026

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: IObit Malware Fighter (IMFCameraProtectDevice driver)
No auth needed
Prerequisites: Vulnerable driver installed · Kernel version 10.0.17134.345 or compatible
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://downwithup.github.io/CVEPosts.html

Scores

CVSS v3 7.8
EPSS 0.0079
EPSS Percentile 51.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
iobit/malware_fighter < 6.2
Published Oct 19, 2018
Tracked Since Feb 18, 2026