CVE-2020-36916
Elevation of Privilege in TDM Digital Signage PC Player
Publication date: 2026-01-06
Last updated on: 2026-01-06
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trending_digital_marketing | tdm_digital_signage_pc_player | 4.1.0.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2020-36916 is a local elevation-of-privilege vulnerability in TDM Digital Signage PC Player version 4.1.0.4. It occurs because the executable files and the main application directory have insecure file permissions that grant 'Modify' or 'Change' rights to the 'Authenticated Users' group. This misconfiguration allows any authenticated user to replace legitimate executable files with malicious binaries, enabling them to execute arbitrary code with elevated system privileges. [2, 3, 4]
How can this vulnerability impact me?
This vulnerability can allow an authenticated user on the system to escalate their privileges by replacing legitimate executable files with malicious ones. As a result, an attacker could gain unauthorized elevated system access, potentially leading to full control over the affected system, compromising confidentiality, integrity, and availability of the system and its data. [2, 3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the file permissions of the TDM Digital Signage PC Player executable files and its main application directory. Specifically, verify whether the 'Authenticated Users' group has 'Modify' (M) or 'Change' (C) permissions on these files and directories. On a Windows system, you can use the following command to check permissions on the main application directory (e.g., C:\TDMSignage) and executables like Player.exe and unins000.exe:

```
icacls "C:\TDMSignage"
```

Look for entries granting 'M' or 'C' permissions to 'Authenticated Users'. If such permissions are present, the system is vulnerable. [2, 4]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, remove the 'Modify' or 'Change' permissions granted to the 'Authenticated Users' group on the TDM Digital Signage PC Player executable files and its main application directory. Restrict permissions so that only trusted administrative accounts have write or modify access. This can be done using the icacls command to remove or adjust permissions, for example:

```
icacls "C:\TDMSignage" /remove:g "Authenticated Users"
```

Alternatively, modify the ACLs to remove 'Modify' rights while retaining necessary read and execute permissions. Additionally, consider applying any vendor patches or updates if available. [2, 3, 4]
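The permission check described above, extended into a script that covers the directory and every executable or library beneath it (an added example, not from the original page or the vendor). It matches the group by its well-known SID so localized group names still match; `C:\TDMSignage` is the example path from the text, and the function name is hypothetical.

```powershell
# Added example: report write-capable ACEs granted to Authenticated Users.
$AuthUsersSid = 'S-1-5-11'   # well-known SID for Authenticated Users

# Rights that allow replacing or altering a file: WriteData, AppendData, Delete,
# ChangePermissions, TakeOwnership, plus the raw GENERIC_WRITE and GENERIC_ALL bits
# that can appear on inherit-only directory ACEs.
$WriteMask = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor
             0x40000000 -bor 0x10000000

function Get-AuthUsersWritableItem {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Path not found: $Path"
        return
    }

    # The directory itself plus all .exe and .dll files under it.
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
               Where-Object { $_.Extension -in '.exe', '.dll' })

    foreach ($item in $items) {
        foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }   # orphaned or unresolvable account
            if ($sid -eq $AuthUsersSid -and ([int]$ace.FileSystemRights -band $WriteMask)) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Assumption: install path taken from the example in the text; adjust as needed.
$findings = Get-AuthUsersWritableItem -Path 'C:\TDMSignage'
if ($findings) { $findings | Format-Table -AutoSize }
else { 'No write-capable ACEs for Authenticated Users found.' }
```

Rows with `Inherited` set to `True` come from a parent folder's ACL, so `icacls ... /remove:g` on the item itself will not clear them; fix the ACE where it is defined. Note also that `/remove:g` drops every granted right for the group, including read and execute, and only touches child items when `/T` is added.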