CVE-2020-36952
Unquoted Service Path Vulnerability in IObit Uninstaller Enables Privilege Escalation

Publication date: 2026-01-26

Last updated on: 2026-01-26

Assigner: VulnCheck

Description
IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would execute with SYSTEM-level permissions during service startup.
Meta Information
Published: 2026-01-26
Last Modified: 2026-01-26
Generated: 2026-06-16
AI Q&A: 2026-01-26
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor | Product | Version / Range
iobit | iobit_uninstaller | 10
CWE
CWE ID | Description
CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Executive Summary

This vulnerability is an unquoted service path issue in IObit Uninstaller 10 Pro. The service executable path contains spaces but is not enclosed in quotation marks, so Windows can misinterpret where the executable name ends. A local attacker can place malicious code in a higher-priority directory on that path, and Windows executes it during service startup. As a result, the attacker can execute arbitrary code with SYSTEM-level privileges. [2, 3]

Impact Analysis

If exploited, this vulnerability allows a local attacker to execute code with elevated SYSTEM-level privileges on the affected machine. This means the attacker can gain full control over the system, potentially installing malware, stealing data, or disrupting system operations. [2, 3]

Detection Guidance

You can detect this vulnerability by checking the IObit Uninstaller Service for an unquoted service path. Specifically, look for the service named "IObitUnSvr" and verify whether its executable path contains spaces but is not enclosed in quotation marks. On a Windows system, you can use the following command in an elevated command prompt to show the service's configuration (in PowerShell, run it as sc.exe, because sc is an alias for Set-Content there):

    sc qc IObitUnSvr

If the BINARY_PATH_NAME output contains spaces and is not enclosed in quotes, the service is vulnerable.

Alternatively, you can use PowerShell to find all services with unquoted paths containing spaces:

    Get-WmiObject win32_service | Where-Object { $_.PathName -match ' ' -and $_.PathName -notmatch '"' } | Select-Object Name, PathName

This will help identify services with unquoted paths that could be exploited. [3]

Mitigation Strategies

To mitigate this vulnerability, immediately enclose the service executable path in quotation marks to prevent Windows from misinterpreting the path. For the IObit Uninstaller Service "IObitUnSvr", update the service configuration so that the binary path is quoted, for example:

    "C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe"

This prevents attackers from inserting malicious executables in higher-priority directories. Additionally, restrict local user permissions to prevent unauthorized file writes in system paths. Applying the latest patches or updates from IObit, if available, is also recommended. [3]
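
The detection and mitigation steps above can be combined into one check, shown here as an added example that is not part of the original advisory or IObit's own code. The function name Test-UnquotedServicePath and the sample strings are assumptions made for illustration; unlike the one-line filter, it flags a path only when the space is in the executable portion, and it proposes the quoted value.

```powershell
# Added example (hypothetical helper, not from the advisory).
# Classifies a service PathName and proposes the quoted replacement.
function Test-UnquotedServicePath {
    param([string]$PathName)

    $p = "$PathName".Trim()
    $result = [pscustomobject]@{ PathName = $PathName; Flagged = $false; Suggested = $null }

    # A leading quote means the executable portion is already delimited.
    if ($p.StartsWith('"')) { return $result }

    # Split executable from arguments at the first ".exe" that is followed
    # by whitespace or end of string (-match is case-insensitive).
    if ($p -match '^(?<exe>.+?\.exe)(?<rest>\s.*)?$') {
        $exe  = $Matches['exe']
        $rest = $Matches['rest']   # $null when the service has no arguments
        # Spaces that occur only in the arguments are not CWE-428.
        if ($exe -match '\s') {
            $result.Flagged   = $true
            $result.Suggested = '"' + $exe + '"' + $rest
        }
    }
    return $result
}

# Constructed sample values; the first is the path from this page with its
# quotes removed, the second is the quoted form the mitigation recommends.
$samples = @(
    'C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe',
    '"C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe"',
    'C:\Windows\system32\svchost.exe -k netsvcs -p',
    'C:\Program Files\Example Vendor\agent.exe --service'
)
$samples | ForEach-Object { Test-UnquotedServicePath $_ } | Format-List

# On a live host, feed it real service data instead of the samples:
# Get-CimInstance Win32_Service |
#     ForEach-Object { Test-UnquotedServicePath $_.PathName } |
#     Where-Object Flagged
```

The first and last samples are flagged; the quoted path and the svchost.exe entry, whose only spaces are in its arguments, are not.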
