{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7325", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-07-31T12:06:31.866Z", "datePublished": "2024-07-31T19:31:03.993Z", "dateUpdated": "2024-08-02T19:32:06.378Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-07-31T19:31:03.993Z"}, "title": "IObit Driver Booster BPL VCL120.BPL uncontrolled search path", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-427", "lang": "en", "description": "CWE-427 Uncontrolled Search Path"}]}], "affected": [{"vendor": "IObit", "product": "Driver Booster", "versions": [{"version": "11.0.0.0", "status": "affected"}], "modules": ["BPL Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in IObit Driver Booster 11.0.0.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library VCL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The identifier of this vulnerability is VDB-273248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in IObit Driver Booster 11.0.0.0 ausgemacht. Betroffen davon ist ein unbekannter Prozess in der Bibliothek VCL120.BPL der Komponente BPL Handler. Durch Manipulieren mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.5, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.8, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C"}}], "timeline": [{"time": "2024-07-31T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-07-31T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-07-31T14:11:47.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "daniel.soriano (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.273248", "name": "VDB-273248 | IObit Driver Booster BPL VCL120.BPL uncontrolled search path", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.273248", "name": "VDB-273248 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.378139", "name": "Submit #378139 | Iobit Driver Booster 11.0.0.0 Uncontrolled Search Path", "tags": ["third-party-advisory"]}]}, "adp": [{"affected": [{"vendor": "iobit", "product": "driver_booster", "cpes": ["cpe:2.3:a:iobit:driver_booster:11.0.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "11.0.0.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-31T20:25:25.202592Z", "id": "CVE-2024-7325", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T19:32:06.378Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7325", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-31T20:25:25.202592Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:iobit:driver_booster:11.0.0.0:*:*:*:*:*:*:*"], "vendor": "iobit", "product": "driver_booster", "versions": [{"status": "affected", "version": "11.0.0.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T19:32:00.535Z"}}], "cna": {"title": "IObit Driver Booster BPL VCL120.BPL uncontrolled search path", "credits": [{"lang": "en", "type": "reporter", "value": "daniel.soriano (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.5, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.8, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C"}}], "affected": [{"vendor": "IObit", "modules": ["BPL Handler"], "product": "Driver Booster", "versions": [{"status": "affected", "version": "11.0.0.0"}]}], "timeline": [{"lang": "en", "time": "2024-07-31T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-07-31T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-07-31T14:11:47.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.273248", "name": "VDB-273248 | IObit Driver Booster BPL VCL120.BPL uncontrolled search path", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.273248", "name": "VDB-273248 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.378139", "name": "Submit #378139 | Iobit Driver Booster 11.0.0.0 Uncontrolled Search Path", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in IObit Driver Booster 11.0.0.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library VCL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The identifier of this vulnerability is VDB-273248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in IObit Driver Booster 11.0.0.0 ausgemacht. Betroffen davon ist ein unbekannter Prozess in der Bibliothek VCL120.BPL der Komponente BPL Handler. Durch Manipulieren mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-07-31T19:31:03.993Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7325", "state": "PUBLISHED", "dateUpdated": "2024-08-02T19:32:06.378Z", "dateReserved": "2024-07-31T12:06:31.866Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-07-31T19:31:03.993Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iobit:driver_booster:11.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7A3E136-F782-4319-A3FC-8115FC03441C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in IObit Driver Booster 11.0.0.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library VCL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The identifier of this vulnerability is VDB-273248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": " Se encontr\u00f3 una vulnerabilidad en IObit Driver Booster 11.0.0.0. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida en la librer\u00eda VCL120.BPL del componente BPL Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una ruta de b\u00fasqueda incontrolada. Atacar localmente es un requisito. El identificador de esta vulnerabilidad es VDB-273248. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2024-7325", "lastModified": "2024-09-11T15:42:50.473", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-07-31T20:15:07.817", "references": [{"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.273248"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.273248"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?submit.378139"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}