CVE Catalog

CVE-2020-37254

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

Wondershare PDFelement version 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot.

Risk Assessment

This vulnerability poses a risk that local attackers can gain system-level privileges, potentially leading to serious security breaches within the organization.

Recommendation

It is recommended to update Wondershare PDFelement to the latest version and to check and secure service paths against unauthorized access.

Original NVD description (English source)

Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS