CVE-2020-37221: Stack Overflow in Atomic Alarm Clock
Plataforma
windows
Componente
atomic-alarm-clock
CVE-2020-37221 describes a stack overflow vulnerability found in Atomic Alarm Clock version 6.3. This flaw allows a local attacker to execute arbitrary code, potentially gaining control of the system. The vulnerability stems from improper handling of user input in the Time Zones Clock configuration's display name textbox. A fix is available; users are strongly advised to upgrade.
Impacto e Cenários de Ataquetraduzindo…
The primary impact of CVE-2020-37221 is the ability for a local attacker to execute arbitrary code with the privileges of the Atomic Alarm Clock application. This could lead to complete system compromise, data theft, or the installation of malware. Attackers can leverage structured exception handling overwrite and encoded shellcode to bypass SafeSEH protections, making exploitation more reliable. Successful exploitation requires local access to the affected system, but the potential consequences are severe, potentially allowing attackers to escalate privileges and move laterally within the network if the application has elevated permissions.
Contexto de Exploraçãotraduzindo…
The vulnerability was published on 2026-05-13. Exploitation context is currently limited, and there's no indication of active campaigns targeting this specific vulnerability. The description mentions bypassing SafeSEH protections, which suggests a degree of sophistication required for successful exploitation. It is not currently listed on KEV or EPSS, indicating a low to medium probability of exploitation.
Inteligência de Ameaças
Status do Exploit
CISA SSVC
Vetor CVSS
O que significam essas métricas?
- Attack Vector
- Local — o atacante precisa de sessão local ou shell no sistema.
- Attack Complexity
- Baixa — sem condições especiais. O atacante pode explorar de forma confiável.
- Privileges Required
- Nenhum — sem autenticação necessária para explorar.
- User Interaction
- Nenhuma — ataque automático e silencioso. A vítima não faz nada.
- Scope
- Inalterado — impacto limitado ao componente vulnerável.
- Confidentiality
- Alto — perda total de confidencialidade. O atacante pode ler todos os dados.
- Integrity
- Alto — o atacante pode escrever, modificar ou excluir qualquer dado.
- Availability
- Alto — falha completa ou esgotamento de recursos. Negação de serviço total.
Software Afetado
Classificação de Fraqueza (CWE)
Linha do tempo
- Reservado
- Publicada
Mitigação e Soluções Alternativastraduzindo…
The primary mitigation for CVE-2020-37221 is to upgrade to a patched version of Atomic Alarm Clock. Since a fixed version is not explicitly mentioned in the provided data, consider reverting to a previous known-good version if the upgrade causes instability. As a temporary workaround, restrict access to the Time Zones Clock configuration to trusted users only. Monitor system logs for suspicious activity related to the application, particularly errors or crashes occurring after user input. While a specific Sigma or YARA rule isn't available, monitor for unusual process creation or network connections originating from the Atomic Alarm Clock process.
Como corrigirtraduzindo…
Actualice Atomic Alarm Clock a una versión corregida. Verifique el sitio web del proveedor o las fuentes de descarga oficiales para obtener la última versión. Como no se proporciona una versión corregida, considere desinstalar la aplicación hasta que se publique una actualización.
Perguntas frequentestraduzindo…
What is CVE-2020-37221 — Stack Overflow in Atomic Alarm Clock?
CVE-2020-37221 is a security vulnerability affecting Atomic Alarm Clock version 6.3, allowing a local attacker to execute arbitrary code through a stack overflow in the Time Zones Clock configuration. It has a CVSS score of 8.4 (HIGH).
Am I affected by CVE-2020-37221 in Atomic Alarm Clock?
You are affected if you are running Atomic Alarm Clock version 6.3. Upgrade to a patched version as soon as possible. Check your installed version against known vulnerable versions.
How do I fix CVE-2020-37221 in Atomic Alarm Clock?
The recommended fix is to upgrade to a patched version of Atomic Alarm Clock. If an upgrade is not immediately possible, consider reverting to a previous known-good version or restricting access to the Time Zones Clock configuration.
Is CVE-2020-37221 being actively exploited?
Currently, there is no public information indicating active exploitation of CVE-2020-37221. However, the vulnerability's severity warrants prompt mitigation.
Where can I find the official Atomic Alarm Clock advisory for CVE-2020-37221?
Refer to the Atomic Alarm Clock vendor's website or security advisory page for the official advisory regarding CVE-2020-37221. The publication date is 2026-05-13.
Seu projeto está afetado?
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Experimente agora — sem conta
Faça upload de qualquer manifesto (composer.lock, package-lock.json, lista de plugins WordPress…) ou cole sua lista de componentes. Receba um relatório de vulnerabilidades instantaneamente. Fazer upload de um arquivo é só o começo: com uma conta, você obtém monitoramento contínuo, alertas por Slack/email, relatórios multiprojeto e white-label.
Arraste e solte seu arquivo de dependências
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...