CVE-2016-20090
Received Received - Intake
Privilege Escalation in Comodo Dragon Browser via Unquoted Service Path

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: VulnCheck

Description
Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or system reboot.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-19
Last Modified
2026-06-19
Generated
2026-06-19
AI Q&A
2026-06-19
EPSS Evaluated
N/A
NVD
CVE-2016-20090
EUVD
EUVD-2016-10903
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
comodo dragon_browser to 52.15.25.663 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2016-20090 is a privilege escalation vulnerability found in Comodo Dragon Browser versions up to 52.15.25.663. It exists because the DragonUpdater service runs with SYSTEM privileges and has an unquoted service path. This allows a local attacker to insert a malicious executable into the service path.

When the service restarts or the system reboots, the malicious executable is run with elevated SYSTEM-level privileges, enabling the attacker to execute arbitrary code with high-level access.

Impact Analysis

This vulnerability can allow a local attacker with limited privileges to escalate their privileges to SYSTEM level on the affected machine.

  • Execution of arbitrary code with SYSTEM privileges.
  • Potential full control over the affected system.
  • Compromise of system integrity and security.
Detection Guidance

This vulnerability can be detected by checking if the DragonUpdater service path is unquoted and runs with SYSTEM privileges. Specifically, you need to identify if the service path contains spaces and is not enclosed in quotes, which allows a local attacker to place a malicious executable in the path.

A common method to detect unquoted service paths on Windows systems is to use the command line to query the service configuration and inspect the ImagePath.

  • Run the command: sc qc DragonUpdater
  • Check the output for the BINARY_PATH_NAME field to see if the path is unquoted and contains spaces.
  • Alternatively, use PowerShell to list all services with unquoted paths: Get-WmiObject win32_service | where {$_.PathName -like '* *' -and $_.PathName -notlike '"*"'} | select Name, PathName
Mitigation Strategies

The immediate mitigation step is to update the Comodo Dragon Browser to version 52.15.25.664 or later, where this vulnerability has been fixed.

If updating is not immediately possible, you can manually fix the unquoted service path by quoting the service executable path in the service configuration to prevent execution of malicious executables.

Additionally, restrict local user permissions to prevent unauthorized users from writing files to directories in the service path.

Finally, restart the DragonUpdater service or reboot the system after applying fixes to ensure the changes take effect.

Compliance Impact

The provided information does not specify any direct impact of the CVE-2016-20090 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2016-20090. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart