Description
sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges.
Published: 2026-04-04
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation via Unquoted Service Path
Action: Patch
AI Analysis

Impact

An unquoted service path in the ShavProt service of Sheed AntiVirus version 2.3 allows a local attacker to execute a crafted executable with LocalSystem privileges. By placing a malicious file in the unquoted portion of the service binary path and forcing the service to restart or the system to reboot, the attacker can run code with the highest local privileges, potentially taking full control of the affected machine.

Affected Systems

Sheed AntiVirus, developed by Sheedantivirus, specifically version 2.3 is affected. No other product or version information is listed.

Risk and Exploitability

The vulnerability is rated CVSS 8.5, indicating a high severity. EPSS information is not available, and it is not listed in the CISA KEV catalog. The attack vector is local; an attacker with local access can trigger a service restart or reboot to exploit the unquoted path, which is a straightforward method for privilege escalation on the target system.

Generated by OpenCVE AI on April 4, 2026 at 17:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Sheed antivirus vendor site for a patch or newer version that quotes the service path or otherwise removes the unquoted service path vulnerability.
  • If a patch is unavailable, remove or rename the ShavProt service so that its binary path does not contain whitespace or conflicting names, ensuring it is enclosed in quotation marks if the service configuration can be updated manually.
  • As a temporary measure, avoid placing untrusted executables in the same directories referenced by the service path and restrict local user abilities to restart services or reboot the system.

Generated by OpenCVE AI on April 4, 2026 at 17:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Sheedantivirus
Sheedantivirus sheed Antivirus
Vendors & Products Sheedantivirus
Sheedantivirus sheed Antivirus

Mon, 06 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sat, 04 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges.
Title sheed AntiVirus 2.3 Unquoted Service Path Privilege Escalation
Weaknesses CWE-428
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Sheedantivirus Sheed Antivirus
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T15:41:08.215Z

Reserved: 2026-04-04T13:43:24.884Z

Link: CVE-2016-20061

cve-icon Vulnrichment

Updated: 2026-04-06T15:41:02.031Z

cve-icon NVD

Status : Deferred

Published: 2026-04-04T14:16:18.930

Modified: 2026-04-16T16:15:56.380

Link: CVE-2016-20061

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:57:50Z

Weaknesses