CVE-2020-37223

Published: Mag 13, 2026 Last Modified: Mag 13, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,5

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

HIGH 7,8

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a malicious executable named IObit.exe in the C:\Program Files (x86)\IObit directory and restart the service to execute code with SYSTEM privileges.

428

Unquoted Search Path or Element

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability

Potential Impacts:

Execute Unauthorized Code Or Commands

Applicable Platforms

Operating Systems: Windows NT, macOS

View CWE Details

https://www.exploit-db.com/exploits/48543

https://www.exploit-db.com/exploits/48543

https://www.iobit.com

https://www.iobit.com

https://www.iobit.com/en/advanceduninstaller.php

https://www.iobit.com/en/advanceduninstaller.php

https://www.vulncheck.com/advisories/iobit-uninstaller-unqu…

https://www.vulncheck.com/advisories/iobit-uninstaller-unquoted-service-path-pr…