Description
Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can place a malicious executable in the Program Files directory with a crafted name to be executed by the service during startup, gaining elevated privileges.
Published: 2026-06-19
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Matrix42 Remote Control Host 3.20.0031 has a flaw where the FastViewerRemoteService and FastViewerRemoteProxy services use an unquoted path on the system. An attacker who can write to the Program Files directory can place a malicious executable with a crafted name, which the service will run at startup, giving the attacker SYSTEM level privileges. The weakness is an unquoted service path, classified as CWE-428.

Affected Systems

The vulnerability affects Matrix42 Remote Control Host version 3.20.0031 on Windows platforms. The services impacted are FastViewerRemoteService and FastViewerRemoteProxy.

Risk and Exploitability

The CVSS score of 8.5 indicates a high severity issue. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting no widely known exploitation events yet. The likely attack vector requires local user privileges or insider access; an attacker must be able to place an executable in the Program Files folder and trigger the service at startup. The lack of remote access limitations means the risk is confined to users who can modify local files.

Generated by OpenCVE AI on June 19, 2026 at 20:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Matrix42 Remote Control Host to the latest patch that removes the unquoted service path.
  • If an upgrade is not immediately possible, delete or rename any executable that matches the unquoted path in the Program Files directory or restrict that folder’s executable permissions for the service account.
  • Implement least‑privilege policies for local user accounts to prevent unauthorized writes to program directories.

Generated by OpenCVE AI on June 19, 2026 at 20:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can place a malicious executable in the Program Files directory with a crafted name to be executed by the service during startup, gaining elevated privileges.
Title Matrix42 Remote Control Host 3.20.0031 Unquoted Path Privilege Escalation
Weaknesses CWE-428
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-19T14:16:47.950Z

Reserved: 2026-06-19T13:26:23.179Z

Link: CVE-2016-20095

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T20:45:03Z

Weaknesses
  • CWE-428

    Unquoted Search Path or Element