CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27992 – Wondershare Dr.Fone 3.0.0 Unquoted Service Path
https://notcve.org/view.php?id=CVE-2020-27992
Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users. Dr.Fone versión 3.0.0, permite a usuarios locales conseguir privilegios por medio de un archivo de tipo caballo de Troya DriverInstall.exe porque %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller presenta un control total para BUILTIN\Users Wondershare Dr.Fone version 3.0.0 suffers from an unquoted service path vulnerability. • https://drfone.wondershare.com https://packetstormsecurity.com/files/159775/Wondershare-Dr.Fone-3.0.0-Unquoted-Service-Path.html • CWE-732: Incorrect Permission Assignment for Critical Resource •