High severity7.8NVD Advisory· Published Apr 4, 2026· Updated Apr 27, 2026
CVE-2016-20059
CVE-2016-20059
Description
IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can insert a malicious executable file in the unquoted service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:iobit:malware_fighter:*:*:*:*:free:*:*:*+ 1 more
- cpe:2.3:a:iobit:malware_fighter:*:*:*:*:free:*:*:*range: <=4.3.1
- (no CPE)range: =4.3.1
Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/40525nvdExploitVDB Entry
- www.vulncheck.com/advisories/iobit-malware-fighter-unquoted-service-path-privilege-escalationnvdThird Party Advisory
- www.iobit.com/downloadcenter.phpnvdProduct
- www.iobit.com/en/index.phpnvdProduct
News mentions
0No linked articles in our index yet.