← back
CVE-2016-20093

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 Unquoted Service Path Privilege Escalation

CVSS 8.5 HIGHEPSS 0.1%CWE-428
Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that execute during service startup or system reboot with elevated privileges.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Wisecleaner · Wise Care 365Wisecleaner · Wise Disk Cleaner
public PoCs found1
cve_referencewww.exploit-db.com/exploits/40417unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/40417https://www.vulncheck.com/advisories/wise-care-365-and-wise-disk-cleaner-unquoted-service-path-privilege-escalationhttp://www.wisecleaner.comhttp://www.wisecleaner.com/wise-disk-cleaner.html