Description
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN).
References (3)
Core 3
Core References
Not Applicable x_refsource_misc
http://advanced.com
Vendor Advisory x_refsource_misc
http://iobit.com
Third Party Advisory x_refsource_misc
https://github.com/tomerpeled92/CVE/
Scores
CVSS v3
7.8
EPSS
0.0050
EPSS Percentile
38.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-552
Status
published
Products (1)
iobit/advanced_systemcare
15 (2 CPE variants)
Published
Jul 06, 2022
Tracked Since
Feb 18, 2026