VYPR
High severity7.8NVD Advisory· Published Apr 4, 2026· Updated Apr 27, 2026

CVE-2016-20059

CVE-2016-20059

Description

IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can insert a malicious executable file in the unquoted service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:iobit:malware_fighter:*:*:*:*:free:*:*:*+ 1 more
    • cpe:2.3:a:iobit:malware_fighter:*:*:*:*:free:*:*:*range: <=4.3.1
    • (no CPE)range: =4.3.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.