CVE-2016-20093
Received Received - Intake
Wise Care 365 Unquoted Service Path Privilege Escalation

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: VulnCheck

Description
Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that execute during service startup or system reboot with elevated privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-19
Last Modified
2026-06-19
Generated
2026-06-19
AI Q&A
2026-06-19
EPSS Evaluated
N/A
NVD
CVE-2016-20093
EUVD
EUVD-2016-10906
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
wise_care wise_care_365 4.27
wise_disk_cleaner wise_disk_cleaner 9.29
wisecleaner wise_care_365 4.27
wisecleaner wise_disk_cleaner 9.29
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2016-20093 is an unquoted service path vulnerability found in Wise Care 365 version 4.27 and Wise Disk Cleaner version 9.29. It affects the WiseBootAssistant and SpyHunter 4 Service components respectively. Because the service paths are not enclosed in quotes, a local attacker can place malicious executable files in the system root path. During system startup or reboot, the operating system may mistakenly execute the attacker's malicious executable instead of the legitimate service, allowing the attacker to run arbitrary code with SYSTEM-level privileges.

Impact Analysis

This vulnerability allows a local attacker to escalate their privileges to SYSTEM level by executing arbitrary code during service startup or system reboot. This means the attacker can gain full control over the affected system, potentially installing malware, stealing sensitive data, modifying system settings, or disrupting system operations.

Detection Guidance

This vulnerability involves unquoted service paths in the WiseBootAssistant and SpyHunter 4 services, which can be detected by checking the service executable paths for missing quotes.

To detect the vulnerability on a Windows system, you can list the services and inspect their executable paths for unquoted spaces. For example, use the following command in an elevated Command Prompt or PowerShell:

  • sc qc WiseBootAssistant
  • sc qc SpyHunter4Service

Look for the "BINARY_PATH_NAME" field in the output. If the path contains spaces and is not enclosed in quotes, the service is vulnerable.

Alternatively, you can use PowerShell to find all services with unquoted paths:

  • Get-WmiObject win32_service | Where-Object { $_.PathName -match ' ' -and $_.PathName -notmatch '"' } | Select-Object Name, PathName

This command lists services whose executable paths contain spaces but are not quoted, indicating potential vulnerability.

Mitigation Strategies

To mitigate this unquoted service path vulnerability, immediately ensure that the service executable paths are properly quoted to prevent execution of malicious files.

You can fix the service path by editing the registry or using the sc command to update the service configuration with quoted paths.

  • Use the command: sc config WiseBootAssistant binPath= ""C:\Program Files\WiseCare365\WiseBootAssistant.exe""
  • Use the command: sc config SpyHunter4Service binPath= ""C:\Program Files\WiseDiskCleaner\SpyHunter4.exe""

Additionally, restrict write permissions on the directories in the service path to prevent attackers from placing malicious executables.

As a general best practice, keep the affected software updated to versions where this vulnerability is patched or no longer present.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2016-20093. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart