CVE-2023-1644

5.5 MEDIUM

📋 TL;DR

This vulnerability in IObit Malware Fighter's IMFCameraProtect.sys driver allows local attackers to trigger a denial of service through improper IOCTL handling. Attackers with local access can crash the system or cause instability. Only users of IObit Malware Fighter 9.4.0.776 are affected.

💻 Affected Systems

Products:
  • IObit Malware Fighter
Versions: 9.4.0.776
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IObit Malware Fighter to be installed and running. The vulnerable driver IMFCameraProtect.sys is part of the installation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker causes complete system crash or kernel panic requiring hard reboot, potentially leading to data loss or corruption.

🟠 Likely Case

Local user or malware causes application/service crash, disrupting security protection temporarily.

🟢 If Mitigated

With proper access controls, only authorized local users can trigger the DoS, which limits the set of accounts able to cause the impact.

🌐 Internet-Facing: LOW - This is a local-only vulnerability requiring local system access.
🏢 Internal Only: MEDIUM - Internal users with local access could disrupt systems, but requires specific software installation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit code is publicly available on GitHub. Requires local access to execute. The vulnerability is in a kernel driver, making exploitation straightforward for local users.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IObit for updated version beyond 9.4.0.776

Vendor Advisory: Not provided in references, check IObit official website

Restart Required: Yes

Instructions:

1. Open IObit Malware Fighter.
2. Check for updates in settings.
3. Install latest version.
4. Restart computer to ensure new driver loads.

🔧 Temporary Workarounds

Disable or remove vulnerable driver

windows

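Stop the IMFCameraProtect.sys driver service, then delete its service entry so it does not load again. Only the sc stop step is temporary; sc delete removes the service registration. Run both from an elevated command prompt.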

sc stop IMFProtect
sc delete IMFProtect

Restrict access to device

windows

Set restrictive permissions on the driver device object

icacls \\.\IMFProtect /deny Everyone:(R,W)

🧯 If You Can't Patch

  • Implement strict local access controls to prevent unauthorized users from running arbitrary code
  • Monitor for attempts to load or interact with IMFCameraProtect.sys driver

🔍 How to Verify

Check if Vulnerable:

Check if IMFCameraProtect.sys driver version 9.4.0.776 is loaded: driverquery | findstr IMFCameraProtect

Check Version:

Check IObit Malware Fighter version in program interface or via registry: reg query "HKLM\SOFTWARE\IObit\IObit Malware Fighter" /v Version

Verify Fix Applied:

Verify driver version is updated or driver is not loaded: driverquery | findstr IMFCameraProtect
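
A read-only PowerShell check for the verification steps above, added here as an example; it is not code from IObit or from this advisory's sources. The default driverquery output does not report a file version, so this reads the version from the driver file itself. The WOW6432Node registry path and the helper name Resolve-DriverPath are assumptions, and the Version value is the one named in the registry query above.

```powershell
# Added example: report the state and file version of IMFCameraProtect.sys and
# the installed IObit Malware Fighter version. Makes no changes to the system.
$DriverFile  = 'IMFCameraProtect.sys'   # driver named in this advisory
$AffectedVer = '9.4.0.776'              # affected product version per this advisory
# First key is the one quoted on this page; the WOW6432Node variant is an
# assumption covering 32-bit installs on 64-bit Windows.
$RegKeys = @(
    'HKLM:\SOFTWARE\IObit\IObit Malware Fighter',
    'HKLM:\SOFTWARE\WOW6432Node\IObit\IObit Malware Fighter'
)

function Resolve-DriverPath([string]$PathName) {
    # Service image paths may be quoted, NT-prefixed (\??\) or SystemRoot-relative.
    $p = $PathName.Trim('"') -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# Match on the image path, so the service name does not need to be known.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$DriverFile*" }

# Empty if neither key exists or no Version value is present.
$productVer = $RegKeys | ForEach-Object {
    (Get-ItemProperty -Path $_ -Name Version -ErrorAction SilentlyContinue).Version
} | Select-Object -First 1

if (-not $drivers) { Write-Output "$DriverFile is not registered as a driver service." }
foreach ($d in $drivers) {
    $path = Resolve-DriverPath $d.PathName
    $fileVer = if (Test-Path -LiteralPath $path) {
        (Get-Item -LiteralPath $path).VersionInfo.FileVersion
    } else { 'file not found' }
    [pscustomobject]@{
        Service        = $d.Name
        State          = $d.State          # 'Running' means the driver is loaded
        StartMode      = $d.StartMode
        Path           = $path
        DriverFileVer  = $fileVer
        ProductVersion = $productVer
        AffectedBuild  = ($productVer -eq $AffectedVer)
    }
}
```

An empty ProductVersion means the version could not be read, not that the host is unaffected; confirm the version in the program interface in that case.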

📡 Detection & Monitoring

Log Indicators:

  • System crashes or blue screens
  • Event ID 41 (Kernel-Power) with bugcheck code
  • Driver load failures for IMFCameraProtect.sys

Network Indicators:

  • None - local vulnerability only

SIEM Query:

EventID=41 OR (Source="System" AND EventID=7026 AND "IMFCameraProtect")
