CVE-2016-20093 | Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquot… | CVSS 7.8 HIGH

Description

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that execute during service startup or system reboot with elevated privileges.

Metadata

CVE ID: CVE-2016-20093
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-19 13:24 UTC
Published: 2026-06-19 14:16 UTC
Last updated: 2026-06-19 14:16 UTC
Primary CWE: CWE-428
Unquoted Search Path or Element
Vendor / Product: Wise / Wisecleaner
Sources: cve.org · NVD

Severity & Metrics

7.8 HIGH CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
Wise	Wisecleaner	—	9.29

Weakness (CWE)

CWE	Source	Description
CWE-428	cna	Unquoted Search Path or Element

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.5	HIGH	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.8	HIGH	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (4)

ExploitDB-40417 https://www.exploit-db.com/exploits/40417
Official Product Homepage http://www.wisecleaner.com
Product Reference http://www.wisecleaner.com/wise-disk-cleaner.html
VulnCheck Advisory: Wise Care 365 4.27 and Wise Disk Cleaner 9.29 Unquoted Service Path Privilege Escalation https://www.vulncheck.com/advisories/wise-care-365-and-wise-disk-cleaner-unquoted-service-path-privilege-escalation