{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2020-37223/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2020-37223"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Uninstaller 9.5.0.15"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","unquoted service path","cve-2020-37223"],"_cs_type":"advisory","_cs_vendors":["IObit"],"content_html":"\u003cp\u003eIObit Uninstaller version 9.5.0.15 is vulnerable to an unquoted service path vulnerability (CVE-2020-37223) affecting the IObitUnSvr service. This flaw enables a local attacker to achieve SYSTEM-level privilege escalation. The vulnerability stems from the lack of proper quoting around the service\u0026rsquo;s executable path, which allows the operating system to misinterpret the path and execute arbitrary code from attacker-controlled locations. This vulnerability was reported on May 13, 2026, and is considered a high-severity issue due to its potential for complete system compromise. Successful exploitation requires the attacker to have local access to the system.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains local access to the target system.\u003c/li\u003e\n\u003cli\u003eAttacker identifies the vulnerable service, IObitUnSvr, and its unquoted service path.\u003c/li\u003e\n\u003cli\u003eAttacker places a malicious executable named \u003ccode\u003eIObit.exe\u003c/code\u003e in the \u003ccode\u003eC:\\Program Files (x86)\\IObit\u003c/code\u003e directory.\u003c/li\u003e\n\u003cli\u003eAttacker restarts the \u003ccode\u003eIObitUnSvr\u003c/code\u003e service. This can be achieved through the Services control panel (\u003ccode\u003eservices.msc\u003c/code\u003e) or via command-line tools like \u003ccode\u003enet stop IObitUnSvr\u003c/code\u003e followed by \u003ccode\u003enet start IObitUnSvr\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDue to the unquoted service path, when the service attempts to start, Windows executes the attacker-controlled \u003ccode\u003eIObit.exe\u003c/code\u003e with SYSTEM privileges.\u003c/li\u003e\n\u003cli\u003eThe malicious \u003ccode\u003eIObit.exe\u003c/code\u003e performs actions as the SYSTEM user, granting the attacker elevated control over the system.\u003c/li\u003e\n\u003cli\u003eAttacker leverages elevated privileges to install malware, modify system configurations, or exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a local attacker to escalate their privileges to SYSTEM. This can lead to complete compromise of the affected system, allowing the attacker to install programs, view, change, or delete data, or create new accounts with full administrative rights. There is no specific information about observed damage or targeted sectors included in this report.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the Sigma rule \u003ccode\u003eDetect IObit Uninstaller Unquoted Service Path Privilege Escalation\u003c/code\u003e to detect the creation of a malicious executable named \u003ccode\u003eIObit.exe\u003c/code\u003e in the \u003ccode\u003eC:\\Program Files (x86)\\IObit\u003c/code\u003e directory.\u003c/li\u003e\n\u003cli\u003eApply the Sigma rule \u003ccode\u003eDetect IObitUnSvr Service Start with Malicious Executable\u003c/code\u003e to detect when the \u003ccode\u003eIObitUnSvr\u003c/code\u003e service starts a malicious executable due to the unquoted service path.\u003c/li\u003e\n\u003cli\u003eUpgrade IObit Uninstaller to a version that addresses CVE-2020-37223.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T16:30:22Z","date_published":"2026-05-13T16:30:22Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2020-37223-iobit-uninstaller-unquoted-service-path/","summary":"IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service, allowing local attackers to escalate privileges to SYSTEM by placing a malicious executable in the service's path.","title":"CVE-2020-37223 - IObit Uninstaller Unquoted Service Path Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2020-37223-iobit-uninstaller-unquoted-service-path/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2020-37223","version":"https://jsonfeed.org/version/1.1"}