CVE-2018-18714

HIGH

IOBit Malware Fighter < 6.2 - Stack-Based Buffer Overflow via IOCTL 0x8006E010

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-18714. PoCs published by DownWithUp.

AI-analyzed exploit summary This PoC exploits a stack overflow vulnerability in the RegFilter driver (CVE-2018-18714) to achieve local privilege escalation by disabling SMEP and executing shellcode in kernel mode. It uses a crafted IOCTL call to trigger the overflow and a ROP chain to restore execution flow.

Description

RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E010. This can lead to denial of service (DoS) or code execution with root privileges.

Exploits (1)

nomisec WORKING POC 6 stars

by DownWithUp · poc

https://github.com/DownWithUp/CVE-2018-18714

View Code ZIP pw:eip

This PoC exploits a stack overflow vulnerability in the RegFilter driver (CVE-2018-18714) to achieve local privilege escalation by disabling SMEP and executing shellcode in kernel mode. It uses a crafted IOCTL call to trigger the overflow and a ROP chain to restore execution flow.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: IObit Malware Fighter (RegFilter driver)

No auth needed

Prerequisites: Vulnerable RegFilter driver loaded · Windows 10 (ntoskrnl version 10.0.17134.285)

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://downwithup.github.io/CVEPosts.html

Scores

CVSS v3 7.8

EPSS 0.0087

EPSS Percentile 54.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (1)

iobit/malware_fighter < 6.2

Published Nov 01, 2018

Tracked Since Feb 18, 2026