CVE-2020-37055
Unquoted Service Path in SpyHunter 4 Enables Privilege Escalation
Publication date: 2026-02-01
Last updated on: 2026-02-01
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| enigma_software_group | spyhunter | 4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unquoted service path issue in SpyHunter 4. Because the service executable path contains spaces and is not enclosed in quotes, a local attacker can place a malicious executable in certain directories along the service path. When the service starts, the system may incorrectly execute the malicious file with elevated system privileges, allowing the attacker to run arbitrary code as a higher-privileged user. [2]
How can this vulnerability impact me? :
If exploited, this vulnerability allows a local attacker to execute arbitrary code with elevated system privileges. This means the attacker can gain higher-level access to the system, potentially leading to full system compromise, unauthorized data access, or disruption of system operations. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying the unquoted service path of the 'SpyHunter 4 Service' on Windows systems. You can use Windows Management Instrumentation Command-line (WMIC) and Service Control (sc) commands to check the service executable path and confirm if it is unquoted and contains spaces. For example, use the command `wmic service where "name='SpyHunter 4 Service'" get name,pathname,startmode` to get the service path and start mode, and `sc qc "SpyHunter 4 Service"` to query the service configuration and verify the executable path. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the unquoted service path by enclosing the executable path in quotes to prevent execution of malicious executables placed in the path directories. Additionally, restrict local user permissions to prevent placing malicious files in the service path directories. Monitoring and restricting access to the service executable path and ensuring the service runs with the least privileges necessary can also help reduce risk. [2]