CVE-2020-37221: Stack Overflow in Atomic Alarm Clock
Plattform
windows
Komponente
atomic-alarm-clock
CVE-2020-37221 describes a stack overflow vulnerability found in Atomic Alarm Clock version 6.3. This flaw allows a local attacker to execute arbitrary code, potentially gaining control of the system. The vulnerability stems from improper handling of user input in the Time Zones Clock configuration's display name textbox. A fix is available; users are strongly advised to upgrade.
Auswirkungen und Angriffsszenarienwird übersetzt…
The primary impact of CVE-2020-37221 is the ability for a local attacker to execute arbitrary code with the privileges of the Atomic Alarm Clock application. This could lead to complete system compromise, data theft, or the installation of malware. Attackers can leverage structured exception handling overwrite and encoded shellcode to bypass SafeSEH protections, making exploitation more reliable. Successful exploitation requires local access to the affected system, but the potential consequences are severe, potentially allowing attackers to escalate privileges and move laterally within the network if the application has elevated permissions.
Ausnutzungskontextwird übersetzt…
The vulnerability was published on 2026-05-13. Exploitation context is currently limited, and there's no indication of active campaigns targeting this specific vulnerability. The description mentions bypassing SafeSEH protections, which suggests a degree of sophistication required for successful exploitation. It is not currently listed on KEV or EPSS, indicating a low to medium probability of exploitation.
Bedrohungsanalyse
Exploit-Status
CISA SSVC
CVSS-Vektor
Was bedeuten diese Metriken?
- Attack Vector
- Lokal — Angreifer benötigt eine lokale Sitzung oder Shell auf dem System.
- Attack Complexity
- Niedrig — keine besonderen Bedingungen erforderlich. Zuverlässig ausnutzbar.
- Privileges Required
- Keine — ohne Authentifizierung ausnutzbar. Keine Zugangsdaten erforderlich.
- User Interaction
- Keine — automatischer und lautloser Angriff. Das Opfer tut nichts.
- Scope
- Unverändert — Auswirkung auf das anfällige Komponente beschränkt.
- Confidentiality
- Hoch — vollständiger Vertraulichkeitsverlust. Angreifer kann alle Daten lesen.
- Integrity
- Hoch — Angreifer kann beliebige Daten schreiben, ändern oder löschen.
- Availability
- Hoch — vollständiger Absturz oder Ressourcenerschöpfung. Totaler Denial of Service.
Betroffene Software
Schwachstellen-Klassifikation (CWE)
Zeitleiste
- Reserviert
- Veröffentlicht
Mitigation und Workaroundswird übersetzt…
The primary mitigation for CVE-2020-37221 is to upgrade to a patched version of Atomic Alarm Clock. Since a fixed version is not explicitly mentioned in the provided data, consider reverting to a previous known-good version if the upgrade causes instability. As a temporary workaround, restrict access to the Time Zones Clock configuration to trusted users only. Monitor system logs for suspicious activity related to the application, particularly errors or crashes occurring after user input. While a specific Sigma or YARA rule isn't available, monitor for unusual process creation or network connections originating from the Atomic Alarm Clock process.
So behebenwird übersetzt…
Actualice Atomic Alarm Clock a una versión corregida. Verifique el sitio web del proveedor o las fuentes de descarga oficiales para obtener la última versión. Como no se proporciona una versión corregida, considere desinstalar la aplicación hasta que se publique una actualización.
Häufig gestellte Fragenwird übersetzt…
What is CVE-2020-37221 — Stack Overflow in Atomic Alarm Clock?
CVE-2020-37221 is a security vulnerability affecting Atomic Alarm Clock version 6.3, allowing a local attacker to execute arbitrary code through a stack overflow in the Time Zones Clock configuration. It has a CVSS score of 8.4 (HIGH).
Am I affected by CVE-2020-37221 in Atomic Alarm Clock?
You are affected if you are running Atomic Alarm Clock version 6.3. Upgrade to a patched version as soon as possible. Check your installed version against known vulnerable versions.
How do I fix CVE-2020-37221 in Atomic Alarm Clock?
The recommended fix is to upgrade to a patched version of Atomic Alarm Clock. If an upgrade is not immediately possible, consider reverting to a previous known-good version or restricting access to the Time Zones Clock configuration.
Is CVE-2020-37221 being actively exploited?
Currently, there is no public information indicating active exploitation of CVE-2020-37221. However, the vulnerability's severity warrants prompt mitigation.
Where can I find the official Atomic Alarm Clock advisory for CVE-2020-37221?
Refer to the Atomic Alarm Clock vendor's website or security advisory page for the official advisory regarding CVE-2020-37221. The publication date is 2026-05-13.
Ist dein Projekt betroffen?
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Jetzt testen — kein Konto
Laden Sie ein Manifest hoch (composer.lock, package-lock.json, WordPress Plugin-Liste…) oder fügen Sie Ihre Komponentenliste ein. Sie erhalten sofort einen Schwachstellenbericht. Das Hochladen einer Datei ist nur der Anfang: Mit einem Konto erhalten Sie kontinuierliche Überwachung, Slack/email-Benachrichtigungen, Multi-Projekt- und White-Label-Berichte.
Abhängigkeitsdatei hier ablegen
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...