Description
Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot.
Published: 2026-06-19
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Wondershare PDFelement 5.2.9 contains a flaw in the WsAppService Windows service where the executable path is unquoted. Local attackers can exploit this by placing a malicious executable in the specified path; when the service restarts or the system reboots, the malicious code runs with LocalSystem privileges. This allows the attacker to gain full control over the affected machine, including the ability to install malware, exfiltrate data, or modify system settings.

Affected Systems

The vulnerable product is Wondershare PDFelement version 5.2.9. No other affected versions are documented. Systems running this exact version on Windows are at risk.

Risk and Exploitability

The CVSS score of 8.5 indicates a high severity vulnerability. The EPSS score is not available, and the issue is not listed in the CISA KEV catalog, suggesting that while exploitation may not be widespread yet, its local nature and high privilege gain potential warrant immediate attention. Attackers must have local access to the system and sufficient permissions to place a file in the service path; they typically require an account that can modify the service configuration or drop files in the service directory. The high severity and local attack vector make this flaw a serious concern for environments where PDFelement 5.2.9 is deployed.

Generated by OpenCVE AI on June 19, 2026 at 21:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Wondershare PDFelement to a version newer than 5.2.9, which removes the unquoted service path issue.
  • If an update cannot be applied immediately, rename the service executable or edit the service registry entry to add quotes around the full executable path, preventing an attacker from inserting a malicious file in that location.
  • Restrict the local user account that can modify the service configuration or write to the service directory, ensuring only trusted administrators have write access.
  • Audit the service configuration and directory permissions regularly to detect any unauthorized changes.

Generated by OpenCVE AI on June 19, 2026 at 21:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Wondershare
Wondershare pdfelement
Vendors & Products Wondershare
Wondershare pdfelement

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot.
Title Wondershare PDFelement 5.2.9 Privilege Escalation via Unquoted Service Path
Weaknesses CWE-428
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Wondershare Pdfelement
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-19T14:16:52.124Z

Reserved: 2026-06-19T14:08:04.388Z

Link: CVE-2020-37254

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T21:15:16Z

Weaknesses
  • CWE-428

    Unquoted Search Path or Element