CVE-2020-36977 | THREATINT

Description

Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can exploit the unquoted path to replace the service binary with a malicious executable, enabling privilege escalation to LocalSystem account.

PUBLISHED Reserved 2026-01-27 | Published 2026-01-27 | Updated 2026-01-29 | Assigner VulnCheck

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Unquoted Search Path or Element

Product status

10.7.1.321

affected

Credits

Luis Sandoval finder

References

www.exploit-db.com/exploits/49101 exploit

www.exploit-db.com/exploits/49101 (ExploitDB-49101) exploit

www.wondershare.com/ (Vendor Homepage) product

www.wondershare.com/drfone/ (Software Product Page) product

www.vulncheck.com/...p-elevationservice-unquote-service-path (VulnCheck Advisory: Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path) third-party-advisory

cve.org (CVE-2020-36977)

nvd.nist.gov (CVE-2020-36977)

Download JSON