CVE-2020-36933
Unquoted Service Path in HTC IPTInstaller Enables Privilege Escalation
Publication date: 2026-01-25
Last updated on: 2026-01-25
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| htc | iptinstaller | 4.0.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2020-36933 is an unquoted service path vulnerability in the PassThru Service configuration of HTC IPTInstaller version 4.0.9. Because the service's binary path is not enclosed in quotes, an attacker with local access can place a malicious executable in a path that Windows misinterprets due to spaces in directory names. When the service starts, it may execute the malicious code with elevated LocalSystem privileges, allowing the attacker to run code with high-level system rights. [1, 3]
How can this vulnerability impact me? :
This vulnerability can allow an attacker with local access to escalate their privileges to LocalSystem level by injecting and executing malicious code through the unquoted service path. This means the attacker can gain full control over the affected system, compromising confidentiality, integrity, and availability of the system and its data. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service configuration for unquoted service paths. Specifically, you can use the Windows command `sc qc "PassThru Service"` to query the service configuration and look for unquoted paths in the binary path. An unquoted path with spaces, such as `C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe`, indicates the vulnerability. [3]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the service path to be properly quoted to prevent path hijacking. Alternatively, ensure that the service binary path does not contain spaces or move the executable to a path without spaces. Additionally, restrict local access to trusted users only, as the exploit requires local access with low complexity. Applying any available patches or updates from HTC for IPTInstaller 4.0.9 is also recommended. [1, 3]