CVE-2020-36198

Name of the Vulnerable Software and Affected Versions Malware Remover versions prior to 4.6.1.0

Description A command injection vulnerability has been reported, allowing remote attackers to execute arbitrary commands if exploited. The issue is related to the incorrect neutralization of special elements during the processing of TAR files in the file system, which can enable an attacker to execute arbitrary commands and escalate privileges.

Recommendations For versions prior to 4.6.1.0, update to version 4.6.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the file system and TAR file processing functionality until a patch is applied. Avoid using the vulnerable Malware Remover versions in environments where remote attackers could exploit this vulnerability.