CVE-2023-1640

5.5 MEDIUM

📋 TL;DR

This vulnerability in IObit Malware Fighter's kernel driver allows local attackers to trigger a denial of service condition by sending specially crafted IOCTL requests. It affects users running the vulnerable version of the security software on Windows systems. The attack requires local access to the system.

💻 Affected Systems

Products:
  • IObit Malware Fighter
Versions: 9.4.0.776
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with IObit Malware Fighter installed. The vulnerable driver loads with the software.

⚠️ Risk & Real-World Impact

🔴 Worst Case: System crash or blue screen (BSOD) requiring reboot, potentially causing data loss or service disruption.

🟠 Likely Case: Temporary denial of service affecting the security software or system stability until reboot.

🟢 If Mitigated: Minimal impact if proper access controls prevent unauthorized local users from executing code.

🌐 Internet-Facing: LOW - Requires local access, cannot be exploited remotely over the internet.
🏢 Internal Only: MEDIUM - Malicious insiders or compromised accounts with local access could disrupt systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit code is publicly available on GitHub. Requires local execution privileges but not necessarily administrator rights.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IObit website for latest version (likely 9.4.0.777 or higher)

Vendor Advisory: https://www.iobit.com/en/security.php

Restart Required: Yes

Instructions:

1. Open IObit Malware Fighter.
2. Click 'Check for Updates' in settings.
3. Install available updates.
4. Restart computer.

🔧 Temporary Workarounds

Restrict local user access (windows)

Limit local user privileges to prevent unauthorized code execution.

Temporarily disable driver (windows)

Prevent ObCallbackProcess.sys from loading (may affect software functionality):

sc stop iobitmalwarefighter
sc config iobitmalwarefighter start= disabled

🧯 If You Can't Patch

  • Implement strict local access controls and user privilege management
  • Monitor for crash dumps or system instability events related to ObCallbackProcess.sys

🔍 How to Verify

Check if Vulnerable:

Check the IObit Malware Fighter version in the About section or via Programs and Features.

Check Version:

wmic product where name="IObit Malware Fighter" get version

Verify Fix Applied:

Verify version is updated beyond 9.4.0.776 and check that ObCallbackProcess.sys driver version has changed

📡 Detection & Monitoring

Log Indicators:

  • System crash logs (Event ID 41)
  • Driver failure events
  • Unexpected system reboots

Network Indicators:

  • None - local vulnerability only

SIEM Query:

EventID=41 OR (Source="System" AND EventID=1001 AND "ObCallbackProcess.sys")
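As an added example (not part of this advisory), the version check, the driver check and the Event ID 41/1001 lookup above combined into one PowerShell script that runs on the host being assessed. The Uninstall-key lookup for the product, the Win32_SystemDriver enumeration for the driver image and the 30-day lookback window are assumptions.

```powershell
# Added verification/detection helper (not from the advisory). Assumes the product
# registers under the Uninstall key with DisplayName 'IObit Malware Fighter*' and
# that the driver is enumerated by Win32_SystemDriver.
$VulnerableVersion = [version]'9.4.0.776'   # affected build named in the advisory

function Get-IObitMalwareFighterVersion {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'IObit Malware Fighter*' } |
        Select-Object -First 1 -ExpandProperty DisplayVersion
}

function Get-ObCallbackDriverInfo {
    # Locate the driver by image name instead of assuming an install path.
    $drv = Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.PathName -like '*ObCallbackProcess.sys*' } |
        Select-Object -First 1
    if (-not $drv) { return $null }
    # Normalise NT-style paths (\??\C:\... or \SystemRoot\...) to Win32 paths.
    $path = ($drv.PathName -replace '^\\\?\?\\', '') -replace '^\\SystemRoot', $env:SystemRoot
    [pscustomobject]@{
        Service     = $drv.Name
        State       = $drv.State
        StartMode   = $drv.StartMode
        FileVersion = (Get-Item -LiteralPath $path -ErrorAction SilentlyContinue).VersionInfo.FileVersion
    }
}

function Get-ObCallbackCrashEvents {
    param([int]$Days = 30)   # lookback window is an assumption
    # Event 41 (Kernel-Power, unexpected reboot) and 1001 (BugCheck) from the System log;
    # 1001 entries are kept only when they name the driver, matching the SIEM query above.
    $since = (Get-Date).AddDays(-$Days)
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 41, 1001; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Id -eq 41 -or $_.Message -match 'ObCallbackProcess\.sys' } |
        Select-Object TimeCreated, Id, ProviderName, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } }
}

$installed = Get-IObitMalwareFighterVersion
if (-not $installed) {
    'IObit Malware Fighter not found in the Uninstall registry keys.'
} elseif ([version]$installed -le $VulnerableVersion) {
    "VULNERABLE: installed version $installed is not newer than $VulnerableVersion."
} else {
    "OK: installed version $installed is newer than $VulnerableVersion."
}
Get-ObCallbackDriverInfo | Format-List
Get-ObCallbackCrashEvents | Format-Table -AutoSize
```

Run from an elevated PowerShell session so the System event log and driver file are readable; an empty event table with an "OK" version line is the expected result on a patched host.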
