CVE-2020-37223
HIGHDescription
IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a malicious executable named IObit.exe in the C:\Program Files (x86)\IObit directory and restart the service to execute code with SYSTEM privileges.
Is your site exposed to CVE-2020-37223?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2020-37223? +
How severe is CVE-2020-37223? +
How do I check if I'm vulnerable to CVE-2020-37223? +
Related Vulnerabilities
The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a …
The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write …
The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker …
An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted …
The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges …
Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during …