CVE-2024-7325

7.8 HIGH

📋 TL;DR

This vulnerability in IObit Driver Booster 11.0.0.0 allows local attackers to exploit an uncontrolled search path issue in the VCL120.BPL library component. Attackers could potentially execute arbitrary code by placing malicious files in locations the application searches. Only users of this specific software version are affected.

💻 Affected Systems

Products:
  • IObit Driver Booster
Versions: 11.0.0.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific BPL handler component in the VCL120.BPL library. Requires local access to the system.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to full system compromise, allowing attackers to install malware, steal credentials, or establish persistence.

🟠 Likely Case

Local user gains elevated privileges to execute arbitrary code within the context of the Driver Booster application.

🟢 If Mitigated

Limited impact with proper user account controls and application sandboxing in place.

🌐 Internet-Facing: LOW - This vulnerability requires local access to exploit.
🏢 Internal Only: HIGH - Local attackers on shared systems or with physical access can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of the vulnerable search path. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

1. Check IObit website for updated version of Driver Booster
2. Uninstall current version if no patch available
3. Consider alternative driver update solutions

🔧 Temporary Workarounds

Remove vulnerable software

Platform: Windows

Uninstall IObit Driver Booster 11.0.0.0 to eliminate the vulnerability

Control Panel > Programs > Uninstall a program > Select IObit Driver Booster > Uninstall

Restrict file permissions

Platform: Windows

Set strict permissions on directories the application searches to prevent malicious file placement

icacls "C:\Program Files\IObit\Driver Booster" /deny Users:(OI)(CI)W
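
To find out which searched directories need that restriction, the following added example (not from the advisory or the vendor) lists Allow entries that give broad user groups file-creation or replace rights. The default path is the one in the icacls command above; the parameter name, the SID list and the rights mask are this example's own choices.

```powershell
# Added example (not vendor code). Lists Allow ACEs that let broad,
# non-administrative groups create or replace files in a directory.
param(
    # Default is the path from the icacls workaround above; pass the real
    # install path and any other searched directories as needed (assumption).
    [string[]]$Directory = @('C:\Program Files\IObit\Driver Booster')
)

# Well-known SIDs of groups that include ordinary local users.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Named rights that allow planting or swapping a file, plus the raw
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits that
# inherit-only ACEs can carry instead of the named rights.
$named     = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$named -bor 0x40000000 -bor 0x10000000

foreach ($dir in $Directory) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Directory not found: $dir"
        continue
    }
    # Resolve identities to SIDs so localized group names do not matter.
    $acl   = Get-Acl -LiteralPath $dir
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (-not $broadSids.ContainsKey($sid))  { continue }
        # Deny ACEs are not subtracted, so the result errs on the side of reporting.
        if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) {
            [pscustomobject]@{
                Directory = $dir
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}
```

No output means none of the listed groups holds a write-type Allow entry on the directories checked.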

🧯 If You Can't Patch

  • Remove local user access to vulnerable systems
  • Implement application whitelisting to prevent unauthorized executables

🔍 How to Verify

Check if Vulnerable:

Check installed programs for IObit Driver Booster version 11.0.0.0

Check Version:

wmic product where "name like 'IObit Driver Booster%'" get version

Verify Fix Applied:

Verify the software is either updated to a newer version or completely uninstalled

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Driver Booster directory
  • Failed attempts to access restricted directories

Network Indicators:

  • Not applicable - local vulnerability only

SIEM Query:

Process Creation where Image contains "Driver Booster" and CommandLine contains unusual parameters
