CVE-2020-37060
Unquoted Service Path LPE in Atomic Alarm Clock
Publication date: 2026-01-30
Last updated on: 2026-01-30
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| drive_software | atomic_alarm_clock | 6.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking for unquoted service paths related to Atomic Alarm Clock's service named "AtomicAlarmClock". Specifically, look for the service executable path that is unquoted and includes spaces, which allows path hijacking. On a Windows system, you can use the command: sc qc AtomicAlarmClock to query the service configuration and inspect the binary path for unquoted spaces. Additionally, you can search for the presence of a malicious "Program.exe" in directories along the service path, especially the root of the system drive. [2, 3]
Can you explain this vulnerability to me?
This vulnerability in Atomic Alarm Clock 6.3 is a local privilege escalation issue caused by an unquoted service path in its service configuration. Because the service path is not properly quoted, an attacker with local access can place a malicious executable named 'Program.exe' in a directory along the service path. When the service starts, it may execute this malicious executable with SYSTEM-level privileges, allowing the attacker to run arbitrary code with the highest system privileges and gain persistent system-level access. [2, 3]
How can this vulnerability impact me? :
This vulnerability can allow an attacker with limited local privileges to escalate their privileges to SYSTEM level, which is the highest level of privilege on a Windows system. This means the attacker can execute arbitrary code with full control over the system, potentially leading to persistent unauthorized access, system compromise, data theft, or disruption of system availability. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the service path by properly quoting the executable path in the service configuration to prevent path hijacking. Alternatively, restrict write permissions on directories along the service path, especially the root of the system drive, to prevent placing malicious executables like "Program.exe". Also, monitor and remove any unauthorized "Program.exe" files in these directories. If possible, update or patch Atomic Alarm Clock to a version that addresses this vulnerability. [2, 3]