CVE-2020-37048

Name of the Vulnerable Software and Affected Versions Iskysoft Application Framework Service version 2.4.3.241

Description The software contains an unquoted service path issue that may allow local users to execute arbitrary code with elevated privileges. An attacker can exploit the unquoted path in the service configuration to inject malicious executables, which would then run with the service’s high-level system permissions.

Recommendations Apply appropriate quoting to the service path to prevent the execution of unauthorized code.