IObit Advanced SystemCare 15 Free Edition

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:iobit:advanced_systemcare:15:*:*:*:free:*:*:*

part: a version: 15 update: *

VendorIobit (df7a41dc-88fd-585d-b3ce-20ab47097314)
ProductAdvanced Systemcare (aa315639-eb6e-5c53-bb7d-65e95c12331a)
Edition*
Language*
Software editionfree
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-24138 vulnerable 2026-06-03 14:46:29.409671 Details available
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN).
Published: 2022-07-06T12:41:26.000Z
Updated: 2024-08-03T04:07:01.457Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-20055 vulnerable 2026-06-03 14:35:36.343499 IObit Advanced SystemCare 10.0.2 Unquoted Service Path Privilege Escalation
HIGH (7.8)
IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.
Published: 2026-04-04T13:50:59.001Z
Updated: 2026-04-06T15:42:28.084Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.