Vulnerability Details CVE-2018-18026
IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower versions) is vulnerable to a stack-based buffer overflow. The attacker can use DeviceIoControl to pass a user specified size which can be used to overwrite return addresses. This can lead to a denial of service or code execution attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 83.1%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
Products affected by CVE-2018-18026
-
cpe:2.3:a:iobit:malware_fighter:1.0
-
cpe:2.3:a:iobit:malware_fighter:1.3.0.3
-
cpe:2.3:a:iobit:malware_fighter:2.4.1
-
cpe:2.3:a:iobit:malware_fighter:3.0.1.12
-
cpe:2.3:a:iobit:malware_fighter:3.0.2.29
-
cpe:2.3:a:iobit:malware_fighter:3.1.0
-
cpe:2.3:a:iobit:malware_fighter:3.1.0.18
-
cpe:2.3:a:iobit:malware_fighter:3.2.0
-
cpe:2.3:a:iobit:malware_fighter:3.3.0.8
-
cpe:2.3:a:iobit:malware_fighter:3.4.0.9
-
cpe:2.3:a:iobit:malware_fighter:4.0.3.18
-
cpe:2.3:a:iobit:malware_fighter:4.0.3.1839
-
cpe:2.3:a:iobit:malware_fighter:4.0.3.20
-
cpe:2.3:a:iobit:malware_fighter:4.0.3.2039
-
cpe:2.3:a:iobit:malware_fighter:4.0.3.22
-
cpe:2.3:a:iobit:malware_fighter:4.0.3.2240
-
cpe:2.3:a:iobit:malware_fighter:4.1.0.2246
-
cpe:2.3:a:iobit:malware_fighter:4.2.0.2425
-
cpe:2.3:a:iobit:malware_fighter:4.2.0.2458
-
cpe:2.3:a:iobit:malware_fighter:4.2.02425
-
cpe:2.3:a:iobit:malware_fighter:4.3.0.2688
-
cpe:2.3:a:iobit:malware_fighter:4.3.0.2739
-
cpe:2.3:a:iobit:malware_fighter:4.3.1.2873
-
cpe:2.3:a:iobit:malware_fighter:4.4.0.3072
-
cpe:2.3:a:iobit:malware_fighter:4.5.0.3457
-
cpe:2.3:a:iobit:malware_fighter:4.5.03457
-
cpe:2.3:a:iobit:malware_fighter:5.0.2.3752
-
cpe:2.3:a:iobit:malware_fighter:5.0.2.3788
-
cpe:2.3:a:iobit:malware_fighter:5.1.0
-
cpe:2.3:a:iobit:malware_fighter:5.2.0
-
cpe:2.3:a:iobit:malware_fighter:5.3.0
-
cpe:2.3:a:iobit:malware_fighter:5.4.0
-
cpe:2.3:a:iobit:malware_fighter:5.5.0
-
cpe:2.3:a:iobit:malware_fighter:5.6.0
-
cpe:2.3:a:iobit:malware_fighter:6.0.0
-
cpe:2.3:a:iobit:malware_fighter:6.0.2
-
cpe:2.3:a:iobit:malware_fighter:6.1.0
-
cpe:2.3:a:iobit:malware_fighter:6.2