Home

Description

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that execute during service startup or system reboot with elevated privileges.

PUBLISHED Reserved 2026-06-19 | Published 2026-06-19 | Updated 2026-06-23 | Assigner VulnCheck




HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Unquoted Search Path or Element

Product status

4.27
affected

9.29
affected

Credits

Tulpa finder

References

www.exploit-db.com/exploits/40417 (ExploitDB-40417) exploit

www.wisecleaner.com (Official Product Homepage) product

www.wisecleaner.com/wise-disk-cleaner.html (Product Reference) product

www.vulncheck.com/...uoted-service-path-privilege-escalation (VulnCheck Advisory: Wise Care 365 4.27 and Wise Disk Cleaner 9.29 Unquoted Service Path Privilege Escalation) third-party-advisory

cve.org (CVE-2016-20093)

nvd.nist.gov (CVE-2016-20093)

Download JSON