← back
CVE-2020-37254

Wondershare PDFelement 5.2.9 Privilege Escalation via Unquoted Service Path

CVSS 8.5 HIGHEPSS 0.1%CWE-428
Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Wondershare · PDFelement
public PoCs found1
cve_referencewww.exploit-db.com/exploits/40535unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://download.wondershare.com/inst/pdfelement_setup_full1042.exehttps://www.exploit-db.com/exploits/40535https://www.vulncheck.com/advisories/wondershare-pdfelement-privilege-escalation-via-unquoted-service-pathhttps://www.wondershare.com/