Description
A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-15
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw was identified in IObit Malware Fighter version 13.2.0 and earlier in a component DLL handler whose behaviour is not fully documented. Manipulation of this DLL triggers permission misconfigurations that can be exploited locally to elevate privileges or alter file access. The vulnerability is linked to improper privilege and access control weaknesses (CWE‑266 and CWE‑275). The impact is that a local attacker could gain higher level permissions and potentially execute arbitrary code with those privileges.

Affected Systems

The affected product is IObit Malware Fighter up to and including version 13.2.0. Users of this antivirus suite on Windows operating systems are potentially impacted when the vulnerable DLL is present and in use.

Risk and Exploitability

The CVSS score of 4.8 places this issue in the moderate range. The EPSS score is not available and it is not listed in the CISA KEV catalog. The attack requires local access, and the exploit code has already been published and may be in use. Consequently, if an attacker gains local control or can persist a malicious DLL on the target system, they could use this vulnerability to increase their privileges and compromise the integrity or availability of the system.

Generated by OpenCVE AI on June 15, 2026 at 01:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a version of IObit Malware Fighter newer than 13.2.0 that addresses the DLL permission flaw.
  • If an upgrade is not feasible, restrict the vulnerable DLL by changing its permissions to deny write or modify access to non‑administrative accounts and consider renaming or disabling the file until a patch is released.
  • Enforce a strict least‑privilege policy for all local accounts and monitor the system for unauthorized DLL modifications or permission changes.

Generated by OpenCVE AI on June 15, 2026 at 01:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
Description A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title IObit Malware Fighter DLL permission
First Time appeared Iobit
Iobit malware Fighter
Weaknesses CWE-266
CWE-275
CPEs cpe:2.3:a:iobit:malware_fighter:*:*:*:*:*:*:*:*
Vendors & Products Iobit
Iobit malware Fighter
References
Metrics cvssV2_0

{'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Iobit Malware Fighter
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-15T00:30:08.901Z

Reserved: 2026-06-14T11:43:26.123Z

Link: CVE-2026-12201

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-15T01:16:25.547

Modified: 2026-06-15T01:16:25.547

Link: CVE-2026-12201

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-15T01:30:21Z

Weaknesses