Vulnerabilities ›

CVE-2020-37059

High

CWE-428 — Weakness Type

                    Published: Jan 30, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files (x86) or system root directories to be executed with SYSTEM-level permissions during service startup.

🤖 AI Executive Summary

CVE-2020-37059 is a local privilege escalation vulnerability in Popcorn Time 6.2.1.14 exploiting unquoted service paths, allowing non-privileged users to execute arbitrary code with SYSTEM privileges. While no public exploit exists, the vulnerability is straightforward to exploit and poses significant risk in multi-user environments. Immediate patching is critical for organizations where Popcorn Time is deployed on Windows systems.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 27, 2026 15:03

🇸🇦 Saudi Arabia Impact Assessment

Impact is limited to organizations using Popcorn Time on Windows systems. Primary risk sectors include: Government agencies (if used on workstations), Educational institutions, and Corporate environments with BYOD policies. Banking and critical infrastructure (ARAMCO, STC) are unlikely to be affected due to strict application whitelisting policies. However, the vulnerability could be exploited in government offices or universities where media streaming applications may be installed on employee workstations, potentially compromising sensitive data or enabling lateral movement.

🏢 Affected Saudi Sectors

Government Education Corporate/Enterprise Healthcare (if Popcorn Time installed on workstations)

🎯 MITRE ATT&CK Techniques

T1548.004 - Abuse Elevation Control Mechanism: Unquoted Service Path T1547.011 - Boot or Logon Autostart Execution: Services T1543.003 - Create or Modify System Process: Windows Service T1611 - Escape to Host

⚖️ Saudi Risk Score (AI)

6.2

/ 10.0

🔧 Remediation Steps (English)

1. IMMEDIATE ACTIONS:

   - Identify all systems running Popcorn Time 6.2.1.14 or earlier versions using endpoint detection tools

   - Restrict local user access to Program Files (x86) and system root directories via NTFS permissions

   - Disable or remove Popcorn Time service if not business-critical



2. PATCHING:

   - Upgrade Popcorn Time to version 6.2.2 or later immediately

   - Verify service path is properly quoted in Windows Registry (HKLM\SYSTEM\CurrentControlSet\Services\)



3. COMPENSATING CONTROLS (if patching delayed):

   - Implement AppLocker or Windows Defender Application Control to prevent execution from Program Files (x86)

   - Apply principle of least privilege; restrict local admin rights

   - Monitor service startup events (Event ID 7045) for suspicious service creation



4. DETECTION:

   - Monitor for file creation in Program Files (x86) by non-admin users

   - Alert on service startup with unquoted paths containing spaces

   - Review Windows Event Viewer for privilege escalation attempts (Event ID 4688 with elevated tokens)

🔧 خطوات المعالجة (العربية)

1. الإجراءات الفورية:

   - تحديد جميع الأنظمة التي تقوم بتشغيل Popcorn Time 6.2.1.14 أو الإصدارات الأقدم باستخدام أدوات الكشف عن نقاط النهاية

   - تقييد وصول المستخدم المحلي إلى Program Files (x86) ومجلدات جذر النظام عبر أذونات NTFS

   - تعطيل أو إزالة خدمة Popcorn Time إذا لم تكن حرجة للعمل



2. التصحيح:

   - ترقية Popcorn Time إلى الإصدار 6.2.2 أو أحدث فوراً

   - التحقق من أن مسار الخدمة مقتبس بشكل صحيح في سجل Windows



3. الضوابط البديلة (إذا تأخر التصحيح):

   - تطبيق AppLocker أو Windows Defender Application Control لمنع التنفيذ من Program Files (x86)

   - تطبيق مبدأ أقل امتياز؛ تقييد حقوق المسؤول المحلي

   - مراقبة أحداث بدء الخدمة (Event ID 7045) للخدمات المريبة



4. الكشف:

   - مراقبة إنشاء الملفات في Program Files (x86) من قبل المستخدمين غير المسؤولين

   - تنبيه عند بدء الخدمة بمسارات غير مقتبسة تحتوي على مسافات

   - مراجعة Windows Event Viewer لمحاولات تصعيد الامتيازات

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information security policies and procedures A.8.1.1 - User access management and least privilege A.12.2.1 - Change management procedures A.12.6.1 - Management of technical vulnerabilities

🔵 SAMA CSF

ID.AM-2 - Asset management and inventory PR.AC-1 - Access control and least privilege PR.PT-2 - Protective technology deployment DE.CM-8 - Vulnerability scanning and management

🟡 ISO 27001:2022

A.5.1 - Management direction for information security A.8.1 - User access management A.12.2 - Change management A.12.6 - Management of technical vulnerabilities and exposures

🔗 References & Sources 3

🔗

https://getpopcorntime.is

disclosure@vulncheck.com

🔗

https://www.exploit-db.com/exploits/48378

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/popcorn-time-update-service-unquoted-service-path

disclosure@vulncheck.com

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-428

EPSS0.01%

Exploit No

Patch ✓ Yes

Published 2026-01-30

Source Feed nvd

🇸🇦 Saudi Risk Score

6.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-428

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2020-37059

💬 Comments

Introduce Yourself

Sign In Required