CVE-2020-8950

HIGH

AMD User Experience Program < 1.0.0.1 - Privilege Escalation via Symbolic Link in Upload Directory

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-8950. PoCs published by sailay1996.

AI-analyzed exploit summary This repository references a privilege escalation vulnerability (CVE-2020-8950) in AMD's User Experience Program Launcher, specifically a FileWrite EoP (Elevation of Privilege). It links to external blog posts for technical details but does not contain exploit code itself.

Description

The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an arbitrary file name.

Exploits (1)

nomisec WRITEUP 29 stars
by sailay1996 · poc
https://github.com/sailay1996/amd_eop_poc

This repository references a privilege escalation vulnerability (CVE-2020-8950) in AMD's User Experience Program Launcher, specifically a FileWrite EoP (Elevation of Privilege). It links to external blog posts for technical details but does not contain exploit code itself.

Classification
Writeup 80%
Attack Type
Lpe
Complexity
Moderate
Reliability
Theoretical
Target: AMD User Experience Program Launcher (Radeon Software)
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable AMD software
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.8
EPSS 0.0099
EPSS Percentile 58.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-59
Status published
Products (1)
amd/user_experience_program < 1.0.0.1
Published Feb 12, 2020
Tracked Since Feb 18, 2026