PT-2020-14117 · Asus · Asus Screenpad2 Upgrade Tool

Published: 2020-07-20 · Updated: 2020-07-29 · CVE-2020-15009

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ASUS ScreenPad2 Upgrade Tool version 1.0.3

Description: The issue allows unsigned code execution with no additional restrictions when a user places an application at a specific path with a particular file name, potentially affecting ASUS PCs with ScreenPad 1.0, such as the UX450FDX, UX550GDX, and UX550GEX models.

Recommendations: For version 1.0.3, consider restricting access to the AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe executables until a patch is available. Avoid placing applications at the particular path with the specific file name that could lead to unsigned code execution.

Fix

Untrusted Search Path

Weakness Enumeration

Related Identifiers

CVE-2020-15009

Affected Products

Asus Screenpad2 Upgrade Tool
AsusScreenXpertServicec.exe
ScreenXpertUpgradeServiceManager.exe