CVE-2020-37232

HIGH

Advanced System Care Service 13.0.0.157 Unquoted Service Path Privilege Escalation

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37232. PoCs published by Jair Amezcua.

AI-analyzed exploit summary This is a technical writeup describing an unquoted service path vulnerability in Advanced SystemCare Service 13. The vulnerability allows local privilege escalation if an attacker can place executable code in a path that the service attempts to run due to improper quoting.

Description

Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSystem privileges during service startup or system reboot.

Exploits (1)

exploitdb WRITEUP

by Jair Amezcua · textlocalwindows

https://www.exploit-db.com/exploits/49049

View Code ZIP pw:eip

This is a technical writeup describing an unquoted service path vulnerability in Advanced SystemCare Service 13. The vulnerability allows local privilege escalation if an attacker can place executable code in a path that the service attempts to run due to improper quoting.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Advanced SystemCare Service 13 v13.0.0.157

Auth required

Prerequisites: Local access to the system · Ability to write to a directory in the unquoted path

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed May 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-49049

https://www.exploit-db.com/exploits/49049

Product product

Official Product Homepage

https://www.iobit.com

Product product

Product Reference

https://www.iobit.com/es/advancedsystemcarepro.php

Third Party Advisory third-party-advisory

VulnCheck Advisory: Advanced System Care Service 13.0.0.157 Unquoted Service Path Privilege Escalation

https://www.vulncheck.com/advisories/advanced-system-care-service-unquoted-service-path-privilege-escalation

Scores

CVSS v3 7.8

EPSS 0.0012

EPSS Percentile 1.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Products (1)

Iobit/Advanced System Care Service 13.0.0.157

Published May 16, 2026

Tracked Since May 16, 2026