CVE-2016-20093

HIGH

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 Unquoted Service Path Privilege Escalation

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-20093. PoCs published by Tulpa.

AI-analyzed exploit summary This is a technical writeup detailing an unquoted service path privilege escalation vulnerability in Wisecleaner Software (Wise Care 365 4.27 and Wise Disk Cleaner 9.29). The vulnerability allows local users to execute arbitrary code with SYSTEM privileges by exploiting improperly quoted service paths.

Description

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that execute during service startup or system reboot with elevated privileges.

Exploits (1)

exploitdb WRITEUP

by Tulpa · textlocalwindows

https://www.exploit-db.com/exploits/40417

View Code ZIP pw:eip

This is a technical writeup detailing an unquoted service path privilege escalation vulnerability in Wisecleaner Software (Wise Care 365 4.27 and Wise Disk Cleaner 9.29). The vulnerability allows local users to execute arbitrary code with SYSTEM privileges by exploiting improperly quoted service paths.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Wise Care 365 4.27, Wise Disk Cleaner 9.29

Auth required

Prerequisites: Local user access · Ability to write to system root path

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Jun 19, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-40417

https://www.exploit-db.com/exploits/40417

Product product

Official Product Homepage

http://www.wisecleaner.com

Product product

Product Reference

http://www.wisecleaner.com/wise-disk-cleaner.html

Third Party Advisory third-party-advisory

VulnCheck Advisory: Wise Care 365 4.27 and Wise Disk Cleaner 9.29 Unquoted Service Path Privilege Escalation

https://www.vulncheck.com/advisories/wise-care-365-and-wise-disk-cleaner-unquoted-service-path-privilege-escalation

Scores

CVSS v3 7.8

EPSS 0.0012

EPSS Percentile 2.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Products (3)

Wise/Wisecleaner 9.29

Wisecleaner/Wise Care 365 4.27

Wisecleaner/Wise Disk Cleaner 9.29

Published Jun 19, 2026

Tracked Since Jun 19, 2026