Skip to main content

IObit Malware Fighter CVE-2026-12201

| EUVD-2026-36676 LOW
Permission Issues (CWE-275)
2026-06-15 VulDB GHSA-j9g6-3rjm-j8f4
Information Disclosure Malware Fighter
1.9
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
1.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Local attack vector and low-privilege requirement confirmed by description and CVSS 4.0; all impact axes low with no scope change.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jun 15, 2026 - 01:22 NVD
MEDIUM LOW
CVSS changed
Jun 15, 2026 - 01:22 NVD
4.8 (MEDIUM) 1.9 (LOW)
Analysis Generated
Jun 15, 2026 - 00:57 vuln.today

DescriptionCVE.org

A flaw has been found in IObit Malware Fighter up to 13.2.0. Affected by this vulnerability is an unknown functionality of the component DLL Handler. This manipulation causes permission issues. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Permission misconfiguration in IObit Malware Fighter's DLL Handler component (versions up to 13.2.0) allows a local low-privileged attacker to exploit insecure resource permissions, resulting in low-severity confidentiality, integrity, and availability impacts. The vulnerability stems from CWE-275 (Improper Permission Assignment for a Resource), and a public proof-of-concept exploit is available via GitHub and a researcher blog post. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local low-privileged user session
Delivery
Enumerate IObit DLL Handler directory permissions
Exploit
Identify world-writable or user-writable DLL path
Execution
Stage malicious or read sensitive DLL
Persist
Trigger DLL load by Malware Fighter service
Impact
Achieve low-level code execution or data disclosure within Malware Fighter process
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Requires an attacker to have local interactive or remote shell access to the target Windows system with at minimum a low-privileged (standard user) account - confirmed by CVSS 4.0 AV:L/PR:L. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The overall real-world risk is moderate-to-low despite the presence of a public exploit. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local attacker with a standard Windows user account on a machine running IObit Malware Fighter targets insecurely permissioned DLL files in the DLL Handler component, either reading sensitive data from those files or planting a malicious DLL in the handler's search path. Because the PoC is publicly available at https://nathan2.com/posts/iobit/ and https://github.com/nasawyer7/IObitDriverav, a script-kiddie-level actor could replicate the attack without advanced skills. …
Remediation No vendor-released patch has been identified at time of analysis - IObit did not respond to the researcher's coordinated disclosure, and no patched version is confirmed. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-12201 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy