CVE-2020-37223

HIGH NVD

CVSS Score 7.8

Severity HIGH

Published May 13, 2026

Vendor unknown

Description

IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a malicious executable named IObit.exe in the C:\Program Files (x86)\IObit directory and restart the service to execute code with SYSTEM privileges.

References

https://www.exploit-db.com/exploits/48543
https://www.iobit.com
https://www.iobit.com/en/advanceduninstaller.php
https://www.vulncheck.com/advisories/iobit-uninstaller-unquoted-service-path-privilege-escalation