← Retour aux CVEs
CVE-2016-20059
HIGH7.8
Description
IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can insert a malicious executable file in the unquoted service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.
Details CVE
Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie4/4/2026
Derniere modification4/4/2026
Sourcenvd
Observations honeypot0
Faiblesses (CWE)
CWE-428
References
http://www.iobit.com/downloadcenter.php?product=malware-fighter-free(disclosure@vulncheck.com)
http://www.iobit.com/en/index.php(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/40525(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/iobit-malware-fighter-unquoted-service-path-privilege-escalation(disclosure@vulncheck.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.