Atomic Alarm Clock Unquoted Service Path Vulnerability Allowing Local Privilege Escalation
Vulnerability
A local privilege escalation vulnerability has been identified in Atomic Alarm Clock version 6.3. The issue arises from an unquoted service path in the application's service configuration. Because the path contains spaces and is not enclosed in quotes, Windows tries each space-delimited prefix of it as an executable when starting the service, which allows a local attacker to execute arbitrary code with SYSTEM privileges. By placing a malicious executable named 'Program.exe' in the root directory, an attacker can gain persistent system-level access.
Impact
Exploitation of this vulnerability allows for local privilege escalation, with executed code running under SYSTEM privileges.
Reproduction
The vulnerability can be reproduced by placing a file named 'Program.exe' in the root of the drive. The Atomic Alarm Clock service 'timeserv.exe' will then execute this file with SYSTEM privileges, giving the file's owner elevated rights they are not authorized to hold.
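For defenders auditing exported service configurations, the following added example (not part of the original advisory or the vendor's code) lists the extra locations Windows would try for an unquoted ImagePath and prints the quoted form that removes the ambiguity. The service names and install paths in SAMPLE are constructed for illustration; the advisory does not give the real path.

```python
import re

# Executable portion of an unquoted ImagePath: everything up to the first ".exe".
_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)

def hijack_candidates(image_path):
    """Return the paths Windows tries before the intended binary.

    An empty list means the path is quoted or has no spaces in its executable part.
    """
    path = image_path.strip()
    if path.startswith('"'):
        return []
    m = _EXE.match(path)
    exe = m.group(1) if m else path
    found = []
    for i, ch in enumerate(exe):
        if ch == " ":
            prefix = exe[:i]
            leaf = prefix.rsplit("\\", 1)[-1]
            # Windows appends ".exe" when the candidate has no extension.
            found.append(prefix if "." in leaf else prefix + ".exe")
    return found

def quoted_form(image_path):
    """Return the ImagePath with its executable part wrapped in quotes."""
    path = image_path.strip()
    if path.startswith('"'):
        return path
    m = _EXE.match(path)
    if not m:
        return '"' + path + '"'
    return '"' + m.group(1) + '"' + path[m.end():]

def audit(services):
    """Map service name -> candidate paths, for vulnerable entries only."""
    return {n: c for n, p in services.items() if (c := hijack_candidates(p))}

# Constructed sample data (hypothetical service names and install paths).
SAMPLE = {
    "AtomicAlarmClock": r"C:\Program Files (x86)\Atomic Alarm Clock\timeserv.exe",
    "QuotedExample": r'"C:\Program Files\Vendor App\svc.exe" -k run',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, paths in audit(SAMPLE).items():
        print(name, "is unquoted; check write access and stray files at:")
        for p in paths:
            print("   ", p)
        print("  fix:", quoted_form(SAMPLE[name]))
```

Each reported location should not exist and should not be creatable by unprivileged users; setting the service's ImagePath to the quoted form closes the issue regardless of directory permissions.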
