ГлавнаяУязвимости → CVE-2020-36935
7.8высокая

CVE-2020-36935

Описание

KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\KMSpico\Service_KMS.exe to inject malicious executables and escalate privileges.

CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://official-kmspico.com/https://www.exploit-db.com/exploits/49003https://www.vulncheck.com/advisories/kmspico-service-kmseldi-unquoted-service-path