Vulnerabilities ›

CVE-2020-36991

High

CWE-428 — Weakness Type

                    Published: Jan 28, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the insecure service path configuration by placing malicious executables in specific system directories to gain elevated access during service startup.

🤖 AI Executive Summary

CVE-2020-36991 is a local privilege escalation vulnerability in ShareMouse 5.0.43 exploiting unquoted service paths, allowing authenticated local users to execute arbitrary code with SYSTEM privileges. While no public exploit exists, the vulnerability is straightforward to exploit and poses significant risk in multi-user environments. Organizations running ShareMouse should prioritize patching to prevent unauthorized privilege escalation.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 27, 2026 12:50

🇸🇦 Saudi Arabia Impact Assessment

ShareMouse is commonly used in Saudi corporate environments for cross-platform mouse/keyboard sharing. Impact is primarily on government agencies (NCA, MODA), financial institutions using shared workstations, and enterprise IT departments. Risk is elevated in organizations with privileged user access controls and multi-user systems. Healthcare facilities and ARAMCO subsidiaries using remote access tools may also be affected if ShareMouse is deployed in their infrastructure.

🏢 Affected Saudi Sectors

Government Banking and Financial Services Healthcare Energy and Utilities Telecommunications Enterprise IT

🎯 MITRE ATT&CK Techniques

T1548.004 - Abuse Elevation Control Mechanism: Unquoted Service Path T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys T1543.003 - Create or Modify System Process: Windows Service T1574.008 - Hijack Execution Flow: DLL Search Order Hijacking

⚖️ Saudi Risk Score (AI)

7.2

/ 10.0

🔧 Remediation Steps (English)

1. IMMEDIATE: Identify all systems running ShareMouse 5.0.43 or earlier versions through asset inventory and endpoint detection tools

2. PATCH: Upgrade ShareMouse to version 5.0.44 or later immediately

3. COMPENSATING CONTROLS: Until patching is complete, restrict local administrative access and implement application whitelisting to prevent execution from system directories

4. ACCESS CONTROL: Disable ShareMouse service on systems where it is not actively required

5. MONITORING: Deploy file integrity monitoring on system directories (C:\Program Files, C:\Windows\System32) to detect suspicious executable placement

6. DETECTION RULE: Monitor for service startup events with unquoted paths; alert on executable creation in %TEMP%, %WINDIR%, and root directories by non-system accounts

🔧 خطوات المعالجة (العربية)

1. فوري: تحديد جميع الأنظمة التي تعمل بـ ShareMouse 5.0.43 أو الإصدارات الأقدم من خلال جرد الأصول وأدوات الكشف عن نقاط النهاية

2. التصحيح: ترقية ShareMouse إلى الإصدار 5.0.44 أو أحدث على الفور

3. الضوابط البديلة: حتى اكتمال التصحيح، قيد الوصول الإداري المحلي وتطبيق القائمة البيضاء للتطبيقات لمنع التنفيذ من المجلدات النظامية

4. التحكم في الوصول: تعطيل خدمة ShareMouse على الأنظمة التي لا تتطلبها بنشاط

5. المراقبة: نشر مراقبة سلامة الملفات على المجلدات النظامية لكشف وضع الملفات التنفيذية المريبة

6. قاعدة الكشف: مراقبة أحداث بدء الخدمة بمسارات غير مقتبسة؛ تنبيه عند إنشاء ملف قابل للتنفيذ في المجلدات النظامية من قبل حسابات غير النظام

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.5.1.1 - Access Control Policies ECC 2024 A.5.2.1 - User Registration and Access Rights ECC 2024 A.5.3.1 - Management of Privileged Access Rights ECC 2024 A.8.2.1 - User Endpoint Devices

🔵 SAMA CSF

SAMA CSF ID.AM-1 - Asset Management SAMA CSF PR.AC-1 - Access Control Policy SAMA CSF PR.AC-4 - Access Rights Management SAMA CSF DE.CM-1 - System Monitoring

🟡 ISO 27001:2022

ISO 27001:2022 A.5.15 - Access Control ISO 27001:2022 A.5.16 - Access Management ISO 27001:2022 A.8.1 - User Endpoint Devices ISO 27001:2022 A.8.22 - Monitoring

🔗 References & Sources 3

🔗

https://www.exploit-db.com/exploits/48794

disclosure@vulncheck.com

🔗

https://www.sharemouse.com/

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/sharemouse-sharemouse-service-unquoted-service-path

disclosure@vulncheck.com

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-428

EPSS0.01%

Exploit No

Patch ✓ Yes

Published 2026-01-28

Source Feed nvd

🇸🇦 Saudi Risk Score

7.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-428

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2020-36991

💬 Comments

Introduce Yourself

Sign In Required