Description
Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all versions after 22.6.22.1329 and was fixed in 25.12.3.1745.
Published: 2026-04-22
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

The flaw is an incorrect default permission setting on the pcvisit service binary installed on Windows. A local, unprivileged user can overwrite that binary with arbitrary contents. Windows starts the service binary automatically at boot with NT AUTHORITY\SYSTEM privileges, so a replaced binary gives the attacker complete control over the system.

Affected Systems

pcvisit Remote Host Modul installations on Windows running versions newer than 22.6.22.1329 are affected. The issue was resolved in version 25.12.3.1745 and later.

Risk and Exploitability

The CVSS score of 8.5 rates this as a High severity vulnerability. No EPSS value is available, and the vulnerability is not in the CISA KEV catalog. The attack vector is local: a low-privileged user who can write to the file system can take advantage of the misconfigured permissions. Once the attacker replaces the binary, the replacement runs as SYSTEM, resulting in full system compromise.

Generated by OpenCVE AI on April 22, 2026 at 15:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the pcvisit Remote Host Modul to version 25.12.3.1745 or later, which removes the insecure permission setting.
  • If upgrading is not immediately possible, restrict write permissions on the service binary and its containing folder so that only administrators can modify them.
  • If none of the above actions can be performed, stop or disable the pcvisit service to prevent any privilege escalation via the binary.
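The permission check behind the second action can be scripted. The following PowerShell audit is an added example, not code from OpenCVE or the vendor. It lists every allow ACE on a matching service's binary and its folder that grants write-capable rights to a principal other than SYSTEM, Administrators or TrustedInstaller. The name pattern `*pcvisit*` is an assumption, since the page does not give the service name or install path.

```powershell
# Added example: find write-capable ACEs on a service binary and its folder.
# Assumption: the pattern below is a guess; the page does not name the service.
param([string]$NamePattern = '*pcvisit*')

# Rights that allow replacing the file, or rewriting its ACL or owner.
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
# Also catch ACEs stored as GENERIC_WRITE (0x40000000) or GENERIC_ALL (0x10000000).
$writeMask = [int]$rights -bor 0x40000000 -bor 0x10000000

# Principals expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
$trusted = 'S-1-5-18', 'S-1-5-32-544',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
$sidType = [System.Security.Principal.SecurityIdentifier]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

Get-CimInstance Win32_Service |
  Where-Object { $_.Name -like $NamePattern -or $_.DisplayName -like $NamePattern -or
                 $_.PathName -like $NamePattern } |
  ForEach-Object {
    $svc = $_
    # PathName may be quoted and may carry arguments; keep only the executable.
    if ($svc.PathName -match '^\s*"([^"]+)"' -or $svc.PathName -match '^\s*(.+?\.exe)') {
        $exe = $Matches[1]
    } else { return }

    foreach ($target in $exe, (Split-Path -Path $exe -Parent)) {
        (Get-Acl -LiteralPath $target).Access |
          Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            -not ($_.PropagationFlags -band $inheritOnly) -and   # ACE must apply to this object
            ([int]$_.FileSystemRights -band $writeMask) -and
            $trusted -notcontains $_.IdentityReference.Translate($sidType).Value
          } |
          ForEach-Object {
            [pscustomobject]@{
                Service  = $svc.Name
                StartsAs = $svc.StartName
                Path     = $target
                Identity = $_.IdentityReference.Value
                Rights   = $_.FileSystemRights
            }
          }
    }
  }
```

Empty output means no such ACE was found on the matched services. Any row naming a non-administrative group is a permission to remove or to fix by upgrading.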



Advisories

No advisories yet.

History

Wed, 22 Apr 2026 14:15:00 +0000

Values Removed: none
Values Added:
Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 13:45:00 +0000

Values Removed: none
Values Added:
Description: Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all versions after 22.6.22.1329 and was fixed in 25.12.3.1745.
Title: Local Privilege Escalation in pcvisit service client
Weaknesses: CWE-276
References:
Metrics: cvssV4_0 {'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}



MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published:

Updated: 2026-04-22T14:09:01.708Z

Reserved: 2025-12-23T13:06:22.032Z

Link: CVE-2026-0539

Vulnrichment

Updated: 2026-04-22T14:08:57.176Z

NVD

Status: Awaiting Analysis

Published: 2026-04-22T14:16:30.317

Modified: 2026-04-22T21:23:52.620

Link: CVE-2026-0539

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T15:15:16Z
