Vulnerability Description
Acer Global Registration Service 1.0.0.3 contains an unquoted service path vulnerability in its service configuration that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Acer\Registration\ to inject malicious executables that would run with elevated LocalSystem privileges during service startup.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://www.acer.com/ac/en/US/content/home
- https://www.exploit-db.com/exploits/49142
- https://www.vulncheck.com/advisories/global-registration-service-gregsvcexe-unqu
- https://www.exploit-db.com/exploits/49142
FAQ
What is CVE-2020-36976?
CVE-2020-36976 is a vulnerability with a CVSS score of 7.8 (HIGH). Acer Global Registration Service 1.0.0.3 contains an unquoted service path vulnerability in its service configuration that allows local users to potentially execute arbitrary code. Attackers can explo...
How severe is CVE-2020-36976?
CVE-2020-36976 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36976?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.