Vulnerability-Lookup

CNVD-2021-20208

Vulnerability from cnvd - Published: 2021-03-22

Title

IOBit Malware Fighter Pro后置链接漏洞

Description

IOBit Malware Fighter Pro是英国IOBit公司的一款反恶意软件应用程序。 IOBit Malware Fighter Pro 8.0.2.547版本中存在安全漏洞。本地攻击者可借助特制链接利用该漏洞获得删除文件的权限。

Severity

低

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.iobit.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-15401

Impacted products

Name
IObit IObit Malware Fighter Pro 8.0.2.547

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-15401"
    }
  },
  "description": "IOBit Malware Fighter Pro\u662f\u82f1\u56fdIOBit\u516c\u53f8\u7684\u4e00\u6b3e\u53cd\u6076\u610f\u8f6f\u4ef6\u5e94\u7528\u7a0b\u5e8f\u3002\n\nIOBit Malware Fighter Pro 8.0.2.547\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u5220\u9664\u6587\u4ef6\u7684\u6743\u9650\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.iobit.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-20208",
  "openTime": "2021-03-22",
  "products": {
    "product": "IObit IObit Malware Fighter Pro 8.0.2.547"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-15401",
  "serverity": "\u4f4e",
  "submitTime": "2020-07-01",
  "title": "IOBit Malware Fighter Pro\u540e\u7f6e\u94fe\u63a5\u6f0f\u6d1e"
}

CVE-2020-15401 (GCVE-0-2020-15401)

Vulnerability from cvelistv5 – Published: 2020-06-30 11:50 – Updated: 2024-08-04 13:15

Summary

IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

http://daniels-it-blog.blogspot.com/2020/06/when-…

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:15:20.617Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://daniels-it-blog.blogspot.com/2020/06/when-your-anti-virus-turns-against-you.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-30T11:50:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://daniels-it-blog.blogspot.com/2020/06/when-your-anti-virus-turns-against-you.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-15401",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://daniels-it-blog.blogspot.com/2020/06/when-your-anti-virus-turns-against-you.html",
              "refsource": "MISC",
              "url": "http://daniels-it-blog.blogspot.com/2020/06/when-your-anti-virus-turns-against-you.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-15401",
    "datePublished": "2020-06-30T11:50:09",
    "dateReserved": "2020-06-30T00:00:00",
    "dateUpdated": "2024-08-04T13:15:20.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-20208

CVE-2020-15401 (GCVE-0-2020-15401)

Tags

Sightings

Nomenclature