CVE-2016-20056

HIGH CVSS 7.8 View on NVD ↗

Description

Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting malicious executables. Attackers can place executable files in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

http://www.spy-emergency.com/
http://www.spy-emergency.com/download/download.php?id=1
https://www.exploit-db.com/exploits/40550
https://www.vulncheck.com/advisories/spy-emergency-build-unquoted-service-path-privilege-escalation

Published: Apr 04, 2026 14:16 UTC Modified: Apr 04, 2026 14:16 UTC