CVE-2016-20055
Published: 04 April 2026
Summary
CVE-2016-20055 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in IObit Advanced SystemCare. Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009). The CVE ranks at the 7.3 percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2016-20055 is an unquoted service path vulnerability in IObit Advanced SystemCare version 10.0.2, specifically affecting the AdvancedSystemCareService10 Windows service. The issue, classified under CWE-428, arises because the service binary path is not properly quoted, allowing local attackers to escalate privileges. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact with low attack complexity for local users.
A local attacker with low privileges can exploit this by placing a malicious executable in a directory that precedes the legitimate service binary in the Windows search path, such as within the parent directories of the service's path. When the AdvancedSystemCareService10 restarts or the system reboots, the service launcher executes the malicious binary instead, running it with LocalSystem privileges and enabling full system compromise, including arbitrary code execution with high confidentiality, integrity, and availability impacts.
Advisories from VulnCheck detail the unquoted service path privilege escalation, while Exploit-DB hosts a public exploit (ID 40577) demonstrating the attack. References to IObit product pages, including the Advanced SystemCare free download, are provided, but specific patch or mitigation instructions from the vendor are not detailed in the CVE information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2016-10862
Vulnerability details
IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unquoted service path (CWE-428) in Windows service directly enables path interception by unquoted path for privilege escalation to LocalSystem.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Requires timely identification, reporting, and correction of flaws like the unquoted service path vulnerability in AdvancedSystemCareService10 to prevent local privilege escalation.
- CM-6 (Configuration Settings): Enforces secure configuration settings for Windows services, including properly quoted binary paths, directly preventing exploitation of unquoted service path vulnerabilities.
- AC-6 (Least Privilege): Applies least privilege to services like AdvancedSystemCareService10, limiting the damage from privilege escalation even if the unquoted path is exploited.
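One way to check the configuration setting described above (properly quoted service binary paths) across a service inventory, as an added example that is not part of the original page or any vendor tooling. The service names and ImagePath strings are constructed samples, the `.exe` split is a heuristic, and on a real host the input would come from an export of the service configuration.

```python
import re

# Constructed sample data (not from any real host): service name -> ImagePath
# string as stored under HKLM\SYSTEM\CurrentControlSet\Services\<name>.
SAMPLE_SERVICES = {
    "ExampleQuotedSvc": r'"C:\Program Files\Example Vendor\App\svc.exe" -run',
    "ExampleUnquotedSvc": r"C:\Program Files\Example Vendor\App Suite\svc.exe -run",
    "ExampleNoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "ExampleDriver": r"\SystemRoot\System32\drivers\example.sys",
}

# Heuristic: in an unquoted value, the executable ends at the first ".exe"
# that is followed by whitespace or end of string.
_EXE = re.compile(r"^(.*?\.exe)(?:\s+(.*))?$", re.IGNORECASE)

def split_image_path(image_path):
    """Return (executable, arguments, quoted) for one ImagePath value."""
    value = image_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end != -1:
            return value[1:end], value[end + 1:].strip(), True
    match = _EXE.match(value)
    if match:
        return match.group(1), match.group(2) or "", False
    return value, "", False

def ambiguous_candidates(executable):
    """Paths Windows may try first: each space-delimited prefix plus .exe."""
    return [executable[:i] + ".exe" for i, ch in enumerate(executable) if ch == " "]

def audit(services):
    """Flag unquoted paths containing spaces and propose the quoted value."""
    findings = []
    for name, image_path in sorted(services.items()):
        exe, args, quoted = split_image_path(image_path)
        if quoted or " " not in exe:
            continue
        findings.append({
            "service": name,
            "audit_paths": ambiguous_candidates(exe),
            "fixed_image_path": f'"{exe}"' + (f" {args}" if args else ""),
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVICES):
        print(finding)
```

Each entry in `audit_paths` is a location whose parent directory permissions should be reviewed; `fixed_image_path` is the quoted value that removes the ambiguity.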