免费扫描
分析待定CVE-2020-37221

CVE-2020-37221: Stack Overflow in Atomic Alarm Clock

平台

windows

组件

atomic-alarm-clock

在NVD查看
保存

CVE-2020-37221 describes a stack overflow vulnerability found in Atomic Alarm Clock version 6.3. This flaw allows a local attacker to execute arbitrary code, potentially gaining control of the system. The vulnerability stems from improper handling of user input in the Time Zones Clock configuration's display name textbox. A fix is available; users are strongly advised to upgrade.

影响与攻击场景翻译中…

The primary impact of CVE-2020-37221 is the ability for a local attacker to execute arbitrary code with the privileges of the Atomic Alarm Clock application. This could lead to complete system compromise, data theft, or the installation of malware. Attackers can leverage structured exception handling overwrite and encoded shellcode to bypass SafeSEH protections, making exploitation more reliable. Successful exploitation requires local access to the affected system, but the potential consequences are severe, potentially allowing attackers to escalate privileges and move laterally within the network if the application has elevated permissions.

利用背景翻译中…

The vulnerability was published on 2026-05-13. Exploitation context is currently limited, and there's no indication of active campaigns targeting this specific vulnerability. The description mentions bypassing SafeSEH protections, which suggests a degree of sophistication required for successful exploitation. It is not currently listed on KEV or EPSS, indicating a low to medium probability of exploitation.

威胁情报

漏洞利用状态

概念验证未知
CISA KEVNO
互联网暴露

CISA SSVC

利用情况poc
可自动化no
技术影响total

CVSS 向量

威胁情报· CVSS 3.1CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H8.4HIGHAttack VectorLocal攻击者如何到达目标Attack ComplexityLow利用漏洞所需的条件Privileges RequiredNone攻击所需的认证级别User InteractionNone是否需要受害者采取行动ScopeUnchanged超出受影响组件的影响范围ConfidentialityHigh敏感数据泄露风险IntegrityHigh数据未授权篡改风险AvailabilityHigh服务中断风险nextguardhq.com · CVSS v3.1 基础分数
这些指标意味着什么?
Attack Vector
本地 — 攻击者需要系统上的本地会话或Shell。
Attack Complexity
低 — 无需特殊条件,可以稳定地利用漏洞。
Privileges Required
无 — 无需认证,无需凭证即可利用。
User Interaction
无 — 攻击自动且无声,受害者无需任何操作。
Scope
未改变 — 影响仅限于脆弱组件本身。
Confidentiality
高 — 完全丧失机密性,攻击者可读取所有数据。
Integrity
高 — 攻击者可写入、修改或删除任何数据。
Availability
高 — 完全崩溃或资源耗尽,完全拒绝服务。

受影响的软件

组件atomic-alarm-clock
供应商Drive-software
最低版本6.3
最高版本6.3

弱点分类 (CWE)

CWE-121

时间线

  1. 已保留
  2. 发布日期

缓解措施和替代方案翻译中…

The primary mitigation for CVE-2020-37221 is to upgrade to a patched version of Atomic Alarm Clock. Since a fixed version is not explicitly mentioned in the provided data, consider reverting to a previous known-good version if the upgrade causes instability. As a temporary workaround, restrict access to the Time Zones Clock configuration to trusted users only. Monitor system logs for suspicious activity related to the application, particularly errors or crashes occurring after user input. While a specific Sigma or YARA rule isn't available, monitor for unusual process creation or network connections originating from the Atomic Alarm Clock process.

修复方法翻译中…

Actualice Atomic Alarm Clock a una versión corregida.  Verifique el sitio web del proveedor o las fuentes de descarga oficiales para obtener la última versión.  Como no se proporciona una versión corregida, considere desinstalar la aplicación hasta que se publique una actualización.

常见问题翻译中…

What is CVE-2020-37221 — Stack Overflow in Atomic Alarm Clock?

CVE-2020-37221 is a security vulnerability affecting Atomic Alarm Clock version 6.3, allowing a local attacker to execute arbitrary code through a stack overflow in the Time Zones Clock configuration. It has a CVSS score of 8.4 (HIGH).

Am I affected by CVE-2020-37221 in Atomic Alarm Clock?

You are affected if you are running Atomic Alarm Clock version 6.3. Upgrade to a patched version as soon as possible. Check your installed version against known vulnerable versions.

How do I fix CVE-2020-37221 in Atomic Alarm Clock?

The recommended fix is to upgrade to a patched version of Atomic Alarm Clock. If an upgrade is not immediately possible, consider reverting to a previous known-good version or restricting access to the Time Zones Clock configuration.

Is CVE-2020-37221 being actively exploited?

Currently, there is no public information indicating active exploitation of CVE-2020-37221. However, the vulnerability's severity warrants prompt mitigation.

Where can I find the official Atomic Alarm Clock advisory for CVE-2020-37221?

Refer to the Atomic Alarm Clock vendor's website or security advisory page for the official advisory regarding CVE-2020-37221. The publication date is 2026-05-13.

你的项目受影响吗?

上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。

免费扫描搜索 CVE
live免费扫描

立即试用 — 无需账户

上传任何清单文件 (composer.lock, package-lock.json, WordPress 插件列表…) 或粘贴您的组件列表。您立即获得一份漏洞报告。上传文件只是开始:拥有账户后,您将获得持续监控、Slack/电子邮件警报、多项目和白标报告。

手动扫描Slack/邮件提醒持续监控白标报告

拖放您的依赖文件

composer.lock、package-lock.json、requirements.txt、Gemfile.lock、pubspec.lock、Dockerfile...