ГлавнаяУязвимости → CVE-2020-37223
7.8высокая

CVE-2020-37223

Описание

IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a malicious executable named IObit.exe in the C:\Program Files (x86)\IObit directory and restart the service to execute code with SYSTEM privileges.

CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.exploit-db.com/exploits/48543https://www.iobit.comhttps://www.iobit.com/en/advanceduninstaller.phphttps://www.vulncheck.com/advisories/iobit-uninstaller-unquoted-service-path-privilege-escalation