Platform
windows
Component
sheedantivirus
Fixed in
2.3.1
CVE-2016-20061 is a privilege escalation vulnerability found in sheed AntiVirus versions 2.3 through 2.3. This flaw stems from an unquoted service path within the ShavProt service, enabling local attackers to gain elevated privileges. By strategically placing a malicious executable within this path and triggering a service restart, attackers can execute code with LocalSystem privileges, potentially compromising the entire system. No official patch is currently available.
CVE-2016-20061 affects sheed AntiVirus version 2.3, presenting an unquoted service path vulnerability in the ShavProt service. This flaw allows local attackers to escalate privileges. An attacker can insert a malicious executable into the unquoted service path and trigger a service restart or system reboot to execute code with LocalSystem privileges, granting complete system control. The lack of quotes in the path allows the system to interpret files in unexpected directories as part of the service path, facilitating malicious code injection. The severity of this vulnerability is high (CVSS 7.8) due to the potential for privilege escalation and the relative ease of exploitation.
Exploitation of CVE-2016-20061 requires local access to the affected system. A local attacker can create a malicious executable file and place it in a location that becomes part of the ShavProt service path. For example, if the service path is 'C:\ShavProt\shavprot.exe', the attacker could place a malicious file named 'shavprot.exe' in the 'C:\' directory. When the ShavProt service restarts or the system reboots, the system will execute the malicious file instead of the legitimate executable, granting the attacker LocalSystem privileges. The simplicity of exploitation makes this vulnerability particularly concerning, especially in systems with weak access controls.
Exploit Status
EPSS
0.01% (2% percentile)
CISA SSVC
CVSS Vector
Unfortunately, there is no official fix provided by the developer of sheed AntiVirus for CVE-2016-20061. The primary mitigation is to uninstall sheed AntiVirus, especially if used in critical environments. As an alternative, if uninstallation is not possible, severely restrict access to the ShavProt service path, limiting write permissions to non-privileged users. Implementing strict access control to the system and monitoring ShavProt service activity can help detect and prevent potential attacks. Migrating to a more up-to-date and actively supported antivirus solution is the best long-term practice. The lack of an official fix underscores the importance of using software with continuous support and security updates.
Actualice a una versión corregida de sheed AntiVirus. Esta vulnerabilidad se puede mitigar deshabilitando o eliminando el servicio ShavProt y asegurándose de que la ruta del servicio esté correctamente entre comillas. Consulte la documentación del proveedor para obtener instrucciones específicas.
Vulnerability analysis and critical alerts directly to your inbox.
It means an attacker can obtain the same permissions as the operating system, allowing them to completely control the system.
No, exploitation requires local access to the system.
It is recommended to uninstall it and migrate to a more secure antivirus solution.
There are no specific tools, but analyzing the configuration of the ShavProt service can reveal the unquoted path.
sheed AntiVirus appears to have stopped receiving support and updates, which explains the lack of a fix.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.