GCVE - cpe:2.3:a:iobit:advanced_systemcare:15:*:*:*:pro:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:iobit:advanced_systemcare:15:*:*:*:pro:*:*:*

part: a version: 15 update: *

Vendor	Iobit (`df7a41dc-88fd-585d-b3ce-20ab47097314`)
Product	Advanced Systemcare (`aa315639-eb6e-5c53-bb7d-65e95c12331a`)
Edition	*
Language	*
Software edition	pro
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-24138`	vulnerable	2026-06-03 14:46:29.410301	Details available IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN). Published: 2022-07-06T12:41:26.000Z Updated: 2024-08-03T04:07:01.457Z Open on db.gcve.eu Reference links http://advanced.com http://iobit.com https://github.com/tomerpeled92/CVE/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-44968`	vulnerable	2026-06-03 14:45:37.609257	Details available A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service (system crash). IOCTL list: iobit_ioctl = [0x8001e01c, 0x8001e020, 0x8001e024, 0x8001e040,0x8001e044, 0x8001e048, 0x8001e04c, 0x8001e000, 0x8001e004, 0x8001e008, 0x8001e00c, 0x8001e010, 0x8001e014, 0x8001e018] Published: 2022-02-18T17:25:16.000Z Updated: 2024-08-04T04:32:13.469Z Open on db.gcve.eu Reference links https://github.com/Quadron-Research-Lab/Kernel_Driver_bugs/tree/main/iobit_advenced_system_care	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-20055`	vulnerable	2026-06-03 14:35:36.344222	IObit Advanced SystemCare 10.0.2 Unquoted Service Path Privilege Escalation HIGH (7.8) IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges. Published: 2026-04-04T13:50:59.001Z Updated: 2026-04-06T15:42:28.084Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/40577 http://www.iobit.com/en/index.php http://www.iobit.com/en/advancedsystemcarefree.php# https://www.vulncheck.com/advisories/iobit-advanced-systemcare-unquoted-service-path-privilege-escalation	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.