CVE-2020-37048: Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' Unquoted Service Path

Published Feb 1, 2026
·
Updated

Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would be run with the service's high-level system permissions.

Affected Software

1 affected component
Iskysoft Iskysoft Application Framework Service

Event History

Feb 1, 2026
CVE Published
via MITRE·02:38 PM
Data Sourced
via MITRE·02:38 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·03:16 PM
DescriptionSeverityWeakness
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2020-37048?

CVE-2020-37048 is classified as a high severity vulnerability due to its potential for local privilege escalation.

2

How do I fix CVE-2020-37048?

To remediate CVE-2020-37048, ensure that the service path for Iskysoft Application Framework Service is properly quoted.

3

Who is affected by CVE-2020-37048?

CVE-2020-37048 affects users of Iskysoft Application Framework Service version 2.4.3.241.

4

Can CVE-2020-37048 be exploited remotely?

CVE-2020-37048 requires local access for exploitation, as it allows elevation of privileges on the machine.

5

What type of vulnerability is CVE-2020-37048?

CVE-2020-37048 is an unquoted service path vulnerability that can lead to arbitrary code execution.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203