{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2020-37232/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2020-37232"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Advanced System Care Service"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","unquoted service path","cve-2020-37232"],"_cs_type":"advisory","_cs_vendors":["IObit"],"content_html":"\u003cp\u003eAdvanced System Care Service version 13.0.0.157 is vulnerable to an unquoted service path vulnerability, identified as CVE-2020-37232. This flaw exists within the AdvancedSystemCareService13 service binary path. A local attacker can exploit this vulnerability to achieve privilege escalation. By placing a malicious executable in the system root path (e.g., C:), the attacker can have it executed with LocalSystem privileges during the service startup or a system reboot. This allows for arbitrary code execution with elevated permissions. Defenders should monitor for unexpected file creation and service executions from unusual locations to mitigate this threat.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies that the AdvancedSystemCareService13 service is installed and running.\u003c/li\u003e\n\u003cli\u003eThe attacker confirms that the service\u0026rsquo;s binary path is unquoted (e.g., C:\\Program Files\\IObit\\Advanced SystemCare\\AdvancedSystemCareService13.exe).\u003c/li\u003e\n\u003cli\u003eThe attacker places a malicious executable named \u0026ldquo;Program.exe\u0026rdquo; in the C:\\ directory.\u003c/li\u003e\n\u003cli\u003eThe operating system, when attempting to execute the service, parses \u0026ldquo;C:\\Program\u0026rdquo; as the executable path due to the missing quotes.\u003c/li\u003e\n\u003cli\u003eThe malicious \u0026ldquo;Program.exe\u0026rdquo; is executed with LocalSystem privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the LocalSystem privileges to perform actions such as installing malware, modifying system settings, or creating new administrative accounts.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves persistence by creating a scheduled task or modifying registry keys to ensure continued access to the compromised system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a local attacker to gain full control of the affected system. This can lead to complete system compromise, data theft, and the installation of persistent backdoors. While the source doesn\u0026rsquo;t specify the number of affected systems, any system running Advanced System Care Service 13.0.0.157 is potentially vulnerable. The impact is especially critical in environments where Advanced System Care is deployed on sensitive systems.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Unquoted Service Path Exploitation\u0026rdquo; to identify potential attempts to exploit this vulnerability by monitoring for process creations from the root directory (C:).\u003c/li\u003e\n\u003cli\u003eAudit installed services for unquoted paths using tools like \u003ccode\u003eGet-WmiObject win32_service | select Name, PathName\u003c/code\u003e in PowerShell and remediate by adding quotes around the service path.\u003c/li\u003e\n\u003cli\u003eMonitor file creation in the root directory (C:) for suspicious executables using file integrity monitoring tools.\u003c/li\u003e\n\u003cli\u003eConsider upgrading Advanced System Care to a version that addresses the unquoted service path vulnerability, if available.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-16T16:18:32Z","date_published":"2026-05-16T16:18:32Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2020-37232-asc-unquoted-path/","summary":"Advanced System Care Service 13.0.0.157 suffers from an unquoted service path vulnerability allowing local attackers to escalate privileges by placing a malicious executable in the system root path.","title":"CVE-2020-37232 - Advanced System Care Unquoted Service Path Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2020-37232-asc-unquoted-path/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2020-37232","version":"https://jsonfeed.org/version/1.1"}