CVE-2016-20061: sheed AntiVirus Privilege Escalation (2.3)
Platform
windows
Component
sheedantivirus
CVE-2016-20061 is a privilege escalation vulnerability found in sheed AntiVirus versions 2.3 through 2.3. This flaw stems from an unquoted service path within the ShavProt service, enabling local attackers to gain elevated privileges. By strategically placing a malicious executable within this path and triggering a service restart, attackers can execute code with LocalSystem privileges, potentially compromising the entire system. No official patch is currently available.
How to fix
Actualice a una versión corregida de sheed AntiVirus. Esta vulnerabilidad se puede mitigar deshabilitando o eliminando el servicio ShavProt y asegurándose de que la ruta del servicio esté correctamente entre comillas. Consulte la documentación del proveedor para obtener instrucciones específicas.
Frequently asked questions
What is CVE-2016-20061?
CVE-2016-20061 is a privilege escalation vulnerability in sheed AntiVirus 2.3–2.3. It allows a local attacker to execute code with LocalSystem privileges by exploiting an unquoted service path.
Am I affected by CVE-2016-20061?
You are potentially affected if you are running sheed AntiVirus version 2.3 or 2.3. Check your installed version and consider mitigation strategies if a patch is unavailable.
How can I fix or mitigate CVE-2016-20061?
Currently, no official patch is available for CVE-2016-20061. Mitigation strategies may include restricting access to the service binary path and monitoring system logs for suspicious activity.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free