Gratis scannen
Analyse in behandelingCVE-2020-37221

CVE-2020-37221: Stack Overflow in Atomic Alarm Clock

Platform

windows

Component

atomic-alarm-clock

Bekijk op NVD
Opslaan

CVE-2020-37221 describes a stack overflow vulnerability found in Atomic Alarm Clock version 6.3. This flaw allows a local attacker to execute arbitrary code, potentially gaining control of the system. The vulnerability stems from improper handling of user input in the Time Zones Clock configuration's display name textbox. A fix is available; users are strongly advised to upgrade.

Impact en Aanvalsscenarioswordt vertaald…

The primary impact of CVE-2020-37221 is the ability for a local attacker to execute arbitrary code with the privileges of the Atomic Alarm Clock application. This could lead to complete system compromise, data theft, or the installation of malware. Attackers can leverage structured exception handling overwrite and encoded shellcode to bypass SafeSEH protections, making exploitation more reliable. Successful exploitation requires local access to the affected system, but the potential consequences are severe, potentially allowing attackers to escalate privileges and move laterally within the network if the application has elevated permissions.

Uitbuitingscontextwordt vertaald…

The vulnerability was published on 2026-05-13. Exploitation context is currently limited, and there's no indication of active campaigns targeting this specific vulnerability. The description mentions bypassing SafeSEH protections, which suggests a degree of sophistication required for successful exploitation. It is not currently listed on KEV or EPSS, indicating a low to medium probability of exploitation.

Dreigingsinformatie

Exploit Status

Proof of ConceptOnbekend
CISA KEVNO
InternetblootstellingLaag

CISA SSVC

Exploitatiepoc
Automatiseerbaarno
Technische Impacttotal

CVSS-vector

DREIGINGSINFORMATIE· CVSS 3.1CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H8.4HIGHAttack VectorLocalHoe de aanvaller het doel bereiktAttack ComplexityLowVereiste omstandigheden om te exploiterenPrivileges RequiredNoneVereist authenticatieniveau voor aanvalUser InteractionNoneOf het slachtoffer actie moet ondernemenScopeUnchangedImpact buiten het getroffen onderdeelConfidentialityHighRisico op blootstelling van gevoelige dataIntegrityHighRisico op ongeautoriseerde gegevenswijzigingAvailabilityHighRisico op verstoring van dienstennextguardhq.com · CVSS v3.1 Basisscore
Wat betekenen deze metrics?
Attack Vector
Lokaal — aanvaller heeft een lokale sessie of shell op het systeem nodig.
Attack Complexity
Laag — geen speciale voorwaarden vereist. Betrouwbaar uitbuitbaar.
Privileges Required
Geen — geen authenticatie vereist om te exploiteren.
User Interaction
Geen — automatische en stille aanval. Slachtoffer doet niets.
Scope
Ongewijzigd — impact beperkt tot het kwetsbare component.
Confidentiality
Hoog — volledig verlies van vertrouwelijkheid. Aanvaller kan alle gegevens lezen.
Integrity
Hoog — aanvaller kan alle gegevens schrijven, aanpassen of verwijderen.
Availability
Hoog — volledige crash of uitputting van resources. Totale denial of service.

Getroffen Software

Componentatomic-alarm-clock
LeverancierDrive-software
Minimumversie6.3
Maximumversie6.3

Zwakheidsclassificatie (CWE)

CWE-121

Tijdlijn

  1. Gereserveerd
  2. Gepubliceerd

Mitigatie en Workaroundswordt vertaald…

The primary mitigation for CVE-2020-37221 is to upgrade to a patched version of Atomic Alarm Clock. Since a fixed version is not explicitly mentioned in the provided data, consider reverting to a previous known-good version if the upgrade causes instability. As a temporary workaround, restrict access to the Time Zones Clock configuration to trusted users only. Monitor system logs for suspicious activity related to the application, particularly errors or crashes occurring after user input. While a specific Sigma or YARA rule isn't available, monitor for unusual process creation or network connections originating from the Atomic Alarm Clock process.

Hoe te verhelpenwordt vertaald…

Actualice Atomic Alarm Clock a una versión corregida.  Verifique el sitio web del proveedor o las fuentes de descarga oficiales para obtener la última versión.  Como no se proporciona una versión corregida, considere desinstalar la aplicación hasta que se publique una actualización.

Veelgestelde vragenwordt vertaald…

What is CVE-2020-37221 — Stack Overflow in Atomic Alarm Clock?

CVE-2020-37221 is a security vulnerability affecting Atomic Alarm Clock version 6.3, allowing a local attacker to execute arbitrary code through a stack overflow in the Time Zones Clock configuration. It has a CVSS score of 8.4 (HIGH).

Am I affected by CVE-2020-37221 in Atomic Alarm Clock?

You are affected if you are running Atomic Alarm Clock version 6.3. Upgrade to a patched version as soon as possible. Check your installed version against known vulnerable versions.

How do I fix CVE-2020-37221 in Atomic Alarm Clock?

The recommended fix is to upgrade to a patched version of Atomic Alarm Clock. If an upgrade is not immediately possible, consider reverting to a previous known-good version or restricting access to the Time Zones Clock configuration.

Is CVE-2020-37221 being actively exploited?

Currently, there is no public information indicating active exploitation of CVE-2020-37221. However, the vulnerability's severity warrants prompt mitigation.

Where can I find the official Atomic Alarm Clock advisory for CVE-2020-37221?

Refer to the Atomic Alarm Clock vendor's website or security advisory page for the official advisory regarding CVE-2020-37221. The publication date is 2026-05-13.

Is jouw project getroffen?

Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.

Gratis scannenCVEs zoeken
livefree scan

Probeer het nu — geen account

Upload een manifest (composer.lock, package-lock.json, WordPress pluginlijst…) of plak uw componentenlijst. U ontvangt direct een kwetsbaarheidsrapport. Een bestand uploaden is slechts het begin: met een account krijgt u continue monitoring, Slack/e-mail alerts, multi-project en white-label rapporten.

Manual scanSlack/email alertsscanZone.capMonitorWhite-label reports

Sleep uw afhankelijkheidsbestand hierheen

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...