Scanner gratuitement
Analyse en attenteCVE-2020-37221

CVE-2020-37221: Stack Overflow in Atomic Alarm Clock

Plateforme

windows

Composant

atomic-alarm-clock

Voir sur NVD
Sauvegarder

CVE-2020-37221 describes a stack overflow vulnerability found in Atomic Alarm Clock version 6.3. This flaw allows a local attacker to execute arbitrary code, potentially gaining control of the system. The vulnerability stems from improper handling of user input in the Time Zones Clock configuration's display name textbox. A fix is available; users are strongly advised to upgrade.

Impact et Scénarios d'Attaquetraduction en cours…

The primary impact of CVE-2020-37221 is the ability for a local attacker to execute arbitrary code with the privileges of the Atomic Alarm Clock application. This could lead to complete system compromise, data theft, or the installation of malware. Attackers can leverage structured exception handling overwrite and encoded shellcode to bypass SafeSEH protections, making exploitation more reliable. Successful exploitation requires local access to the affected system, but the potential consequences are severe, potentially allowing attackers to escalate privileges and move laterally within the network if the application has elevated permissions.

Contexte d'Exploitationtraduction en cours…

The vulnerability was published on 2026-05-13. Exploitation context is currently limited, and there's no indication of active campaigns targeting this specific vulnerability. The description mentions bypassing SafeSEH protections, which suggests a degree of sophistication required for successful exploitation. It is not currently listed on KEV or EPSS, indicating a low to medium probability of exploitation.

Renseignement sur les Menaces

Statut de l'Exploit

Preuve de ConceptInconnu
CISA KEVNO
Exposition InternetFaible

CISA SSVC

Exploitationpoc
Automatisableno
Impact Techniquetotal

Vecteur CVSS

RENSEIGNEMENT SUR LES MENACES· CVSS 3.1CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H8.4HIGHAttack VectorLocalComment l'attaquant atteint la cibleAttack ComplexityLowConditions requises pour exploiterPrivileges RequiredNoneNiveau d'authentification requisUser InteractionNoneSi une action de la victime est requiseScopeUnchangedImpact au-delà du composant affectéConfidentialityHighRisque d'exposition de données sensiblesIntegrityHighRisque de modification non autorisée de donnéesAvailabilityHighRisque d'interruption de servicenextguardhq.com · Score de base CVSS v3.1
Que signifient ces métriques?
Attack Vector
Local — l'attaquant a besoin d'une session locale ou d'un shell sur le système.
Attack Complexity
Faible — aucune condition spéciale requise. Exploitable de manière fiable.
Privileges Required
Aucun — sans authentification. Aucune identifiant requis pour exploiter.
User Interaction
Aucune — attaque automatique et silencieuse. La victime ne fait rien.
Scope
Inchangé — impact limité au composant vulnérable.
Confidentiality
Élevé — perte totale de confidentialité. L'attaquant peut lire toutes les données.
Integrity
Élevé — l'attaquant peut écrire, modifier ou supprimer toutes les données.
Availability
Élevé — panne complète ou épuisement des ressources. Déni de service total.

Logiciel Affecté

Composantatomic-alarm-clock
FournisseurDrive-software
Version minimale6.3
Version maximale6.3

Classification de Faiblesse (CWE)

CWE-121

Chronologie

  1. Réservé
  2. Publiée

Mitigation et Contournementstraduction en cours…

The primary mitigation for CVE-2020-37221 is to upgrade to a patched version of Atomic Alarm Clock. Since a fixed version is not explicitly mentioned in the provided data, consider reverting to a previous known-good version if the upgrade causes instability. As a temporary workaround, restrict access to the Time Zones Clock configuration to trusted users only. Monitor system logs for suspicious activity related to the application, particularly errors or crashes occurring after user input. While a specific Sigma or YARA rule isn't available, monitor for unusual process creation or network connections originating from the Atomic Alarm Clock process.

Comment corrigertraduction en cours…

Actualice Atomic Alarm Clock a una versión corregida.  Verifique el sitio web del proveedor o las fuentes de descarga oficiales para obtener la última versión.  Como no se proporciona una versión corregida, considere desinstalar la aplicación hasta que se publique una actualización.

Questions fréquentestraduction en cours…

What is CVE-2020-37221 — Stack Overflow in Atomic Alarm Clock?

CVE-2020-37221 is a security vulnerability affecting Atomic Alarm Clock version 6.3, allowing a local attacker to execute arbitrary code through a stack overflow in the Time Zones Clock configuration. It has a CVSS score of 8.4 (HIGH).

Am I affected by CVE-2020-37221 in Atomic Alarm Clock?

You are affected if you are running Atomic Alarm Clock version 6.3. Upgrade to a patched version as soon as possible. Check your installed version against known vulnerable versions.

How do I fix CVE-2020-37221 in Atomic Alarm Clock?

The recommended fix is to upgrade to a patched version of Atomic Alarm Clock. If an upgrade is not immediately possible, consider reverting to a previous known-good version or restricting access to the Time Zones Clock configuration.

Is CVE-2020-37221 being actively exploited?

Currently, there is no public information indicating active exploitation of CVE-2020-37221. However, the vulnerability's severity warrants prompt mitigation.

Where can I find the official Atomic Alarm Clock advisory for CVE-2020-37221?

Refer to the Atomic Alarm Clock vendor's website or security advisory page for the official advisory regarding CVE-2020-37221. The publication date is 2026-05-13.

Ton projet est-il affecté ?

Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.

Scanner gratuitementRechercher des CVE
en directfree scan

Essayez maintenant — sans compte

scanZone.subtitle

Scan manuelSlack/email alertsContinuous monitoringWhite-label reports

Glissez-déposez votre fichier de dépendances

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...