CVE-2016-20095
8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can place a malicious executable in the Program Files directory with a crafted name to be executed by the service during startup, gaining elevated privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Matrix42 | Matrix42 Remote Control Host | 3.20.0031 | affected |
Weaknesses
- CWE-428: Unquoted Search Path or Element
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://www.exploit-db.com/exploits/39908
- https://www.matrix42.com/
- https://www.vulncheck.com/advisories/matrix42-remote-control-host-unquoted-path-privilege-escalation
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.