Vulnerability Description
IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a malicious executable named IObit.exe in the C:\Program Files (x86)\IObit directory and restart the service to execute code with SYSTEM privileges.
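An added audit example (not code from the advisory or the vendor): it lists the executable paths Windows would try before the real binary for each unquoted service path on a host, and reports whether a file already exists at any of them. The function name and the sample path are assumptions made for illustration; the folder and file names below `IObit\` are constructed placeholders that only mirror the layout described above.

```powershell
# Added example (defensive audit); not code from the advisory or the vendor.
function Get-UnquotedPathCandidate {
    param([Parameter(Mandatory)][string]$ImagePath)

    $path = $ImagePath.Trim()
    # A path that starts with a quote is parsed unambiguously: nothing to report.
    if ($path.StartsWith('"')) { return }

    # Keep the executable part only; text after the first ".exe" is arguments.
    $m = [regex]::Match($path, '^(.*?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return }

    # Windows tries "<prefix>.exe" at every space before the real binary.
    $parts = $m.Groups[1].Value -split ' '
    for ($i = 0; $i -lt $parts.Count - 1; $i++) {
        ($parts[0..$i] -join ' ') + '.exe'
    }
}

# Constructed sample path: folder and file names below "IObit\" are placeholders.
$sample = 'C:\Program Files (x86)\IObit\IObit Example\ExampleSvc.exe'
Get-UnquotedPathCandidate -ImagePath $sample

# Audit the local host: list each candidate and whether a file already sits there.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName } |
    ForEach-Object {
        $svc = $_
        foreach ($c in @(Get-UnquotedPathCandidate -ImagePath $svc.PathName)) {
            [pscustomobject]@{
                Service   = $svc.Name
                RunsAs    = $svc.StartName
                Candidate = $c
                Exists    = Test-Path -LiteralPath $c
            }
        }
    }
```

Any service that produces rows is remediated by wrapping the executable path in double quotes in its `ImagePath` value under `HKLM\SYSTEM\CurrentControlSet\Services\<service name>`; a row with `Exists` set to true warrants investigation of that file.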
CVSS Score
HIGH
References
- https://www.exploit-db.com/exploits/48543
- https://www.iobit.com
- https://www.iobit.com/en/advanceduninstaller.php
- https://www.vulncheck.com/advisories/iobit-uninstaller-unquoted-service-path-pri
FAQ
What is CVE-2020-37223?
CVE-2020-37223 is a vulnerability with a CVSS score of 7.8 (HIGH).
How severe is CVE-2020-37223?
CVE-2020-37223 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-37223?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.