Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceCVE-2020-36977

CVE-2020-36977

HIGH8.5

Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path

Published Jan 27, 2026

Modified 2 months ago

Details

Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can exploit the unquoted path to replace the service binary with a malicious executable, enabling privilege escalation to LocalSystem account.

References

https://www.cve.org/CVERecord?id=CVE-2020-36977

https://www.exploit-db.com/exploits/49101

https://www.vulncheck.com/advisories/wondershare-driver-install-service-help-elevationservice-unquote-service-path

https://www.wondershare.com/

https://www.wondershare.com/drfone/

CVSS Analysis

CVSS v4.0

8.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

HighVC:H

Vuln. Integrity

HighVI:H

Vuln. Availability

HighVA:H

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

8.5/CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Weakness Type (CWE)

Other

Ecosystems

Timeline

PublishedJan 27, 2026

ModifiedJan 29, 2026

CVE-2020-36977 | Mondoo Vulnerability Intelligence