CVE-2020-36916

HIGH

TDM Digital Signage PC Player 4.1.0.4 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36916. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit details an insecure file permission vulnerability in TDM Digital Signage PC Player 4.1, where the 'Authenticated Users' group has modify permissions on critical executables, allowing privilege escalation by replacing them with malicious binaries.

Description

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access.

Exploits (1)

exploitdb WRITEUP
by LiquidWorm · textlocalwindows
https://www.exploit-db.com/exploits/48953

The exploit details an insecure file permission vulnerability in TDM Digital Signage PC Player 4.1, where the 'Authenticated Users' group has modify permissions on critical executables, allowing privilege escalation by replacing them with malicious binaries.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: TDM Digital Signage PC Player 4.1.0.4
Auth required
Prerequisites: Authenticated user access to the system
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (7)

Core 7

Scores

CVSS v3 8.8
EPSS 0.0022
EPSS Percentile 13.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-732
Status published
Published Jan 06, 2026
Tracked Since Feb 18, 2026