CVE-2024-45166

9.8 CRITICAL

📋 TL;DR

UCI IDOL2 through version 2.12 contains multiple memory corruption vulnerabilities caused by improper input validation, insecure deserialization, and improper restriction of operations within memory buffers. Attackers can cause a denial of service or potentially execute arbitrary code remotely by triggering an access violation and EIP overwrite after five login attempts. All users running IDOL2 up to version 2.12 are affected.

💻 Affected Systems

Products:
  • UCI IDOL2
  • uciIDOL
  • IDOL2
Versions: through 2.12
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations up to version 2.12 are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with SYSTEM/root privileges leading to complete system compromise.
🟠 Likely Case: Denial-of-service causing application crashes and service disruption.
🟢 If Mitigated: Limited DoS impact with proper network segmentation and monitoring.

🌐 Internet-Facing: HIGH - Attackers can exploit remotely without authentication.
🏢 Internal Only: HIGH - Internal attackers or compromised systems can exploit.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only five login attempts to trigger memory corruption.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-050.txt

Restart Required: Yes

Instructions:

1. Check the vendor website for updates.
2. Download and install the patched version.
3. Restart the IDOL2 service.
4. Verify the update was applied successfully.

🔧 Temporary Workarounds

Network Access Restriction

all

Limit access to IDOL2 service to trusted IP addresses only.

# Windows Firewall (the default inbound action is Block, so one Allow rule for trusted sources suffices; remove any broader Allow rule for this port):
New-NetFirewallRule -DisplayName "Allow IDOL2 from trusted hosts" -Direction Inbound -Protocol TCP -LocalPort <IDOL2_PORT> -RemoteAddress <TRUSTED_IPS> -Action Allow
# Linux iptables: accept trusted sources first, then drop all other traffic to the port
iptables -A INPUT -p tcp --dport <IDOL2_PORT> -s <TRUSTED_IPS> -j ACCEPT
iptables -A INPUT -p tcp --dport <IDOL2_PORT> -j DROP

Rate Limiting

all

Implement rate limiting on login attempts to prevent triggering the vulnerability.

# Using fail2ban (attach the IDOL2 log to an existing jail whose filter matches the application's failed-login lines):
fail2ban-client set <JAIL_NAME> addlogpath /var/log/idol2.log
# Web server rate limiting (nginx, only if IDOL2 is reached through a reverse proxy; the zone must also be applied in the location block):
limit_req_zone $binary_remote_addr zone=idol2:10m rate=1r/s;
limit_req zone=idol2 burst=3 nodelay;

🧯 If You Can't Patch

  • Isolate IDOL2 systems in separate network segments with strict firewall rules.
  • Implement application-layer monitoring for abnormal login patterns and memory access violations.

🔍 How to Verify

Check if Vulnerable:

Check the IDOL2 version number in the application interface or configuration files. If the version is 2.12 or earlier, the system is vulnerable.

Check Version:

# Windows: Check the program version in Control Panel or the registry.
# Linux: Check the version in /usr/share/idol2/ or in the application logs.

Verify Fix Applied:

Verify that the version number is higher than 2.12, then test login functionality while monitoring for crashes.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts (5+) within short timeframe
  • Application crash logs with memory access violations
  • EIP register overwrite errors in debug logs

Network Indicators:

  • Rapid login attempts to IDOL2 service
  • Abnormal traffic patterns to IDOL2 port

SIEM Query:

source="idol2.log" AND ("access violation" OR "EIP" OR ("login failed" AND count>5 within 60s))
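A small detector that applies the log indicators above to constructed sample lines (an added example, not from the vendor advisory or the IDOL2 product): the log format, the field names and the `detect` function are assumptions; it flags a source that reaches five failed logins within 60 seconds, and any line carrying a memory-corruption indicator.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines; the format and field names are assumptions, not IDOL2 output.
SAMPLE_LOG = """\
2024-08-20T10:00:01 INFO  login ok user=alice src=10.0.0.5
2024-08-20T10:00:10 WARN  login failed user=admin src=203.0.113.7
2024-08-20T10:00:12 WARN  login failed user=admin src=203.0.113.7
2024-08-20T10:00:15 WARN  login failed user=admin src=203.0.113.7
2024-08-20T10:00:20 WARN  login failed user=admin src=203.0.113.7
2024-08-20T10:00:25 WARN  login failed user=admin src=203.0.113.7
2024-08-20T10:00:26 ERROR access violation at EIP=41414141
2024-08-20T10:05:00 WARN  login failed user=bob src=10.0.0.9
2024-08-20T10:07:00 WARN  login failed user=bob src=10.0.0.9
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<level>\w+)\s+(?P<msg>.*)$")
SRC_RE = re.compile(r"src=(?P<src>\S+)")
CRASH_RE = re.compile(r"access violation|\beip\b")  # memory-corruption indicators

THRESHOLD = 5                   # page's indicator: 5+ failed logins ...
WINDOW = timedelta(seconds=60)  # ... within the 60 s window of the SIEM query

def detect(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return (timestamp, kind, detail) alerts; kind is 'burst' or 'crash'."""
    alerts = []
    recent = defaultdict(deque)  # src -> timestamps of its recent failures
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts = datetime.fromisoformat(m.group("ts"))
        msg = m.group("msg").lower()
        if CRASH_RE.search(msg):
            alerts.append((ts, "crash", m.group("msg")))
            continue
        if "login failed" not in msg:
            continue
        s = SRC_RE.search(msg)
        src = s.group("src") if s else "unknown"
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) == threshold:  # alert once, when the threshold is first reached
            alerts.append((ts, "burst", f"{src}: {threshold} failed logins within {window.seconds}s"))
    return alerts
```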
