CVE-2016-20095 in Remote Control Host
Summary
by MITRE • 06/19/2026
Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can place a malicious executable in the Program Files directory with a crafted name to be executed by the service during startup, gaining elevated privileges.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 06/19/2026
The Matrix42 Remote Control Host 3.20.0031 software presents a critical security vulnerability through its unquoted service path configuration in the FastViewerRemoteService and FastViewerRemoteProxy components. This flaw represents a classic privilege escalation vector that exploits the Windows service architecture and path resolution mechanisms. The vulnerability stems from the improper handling of service executable paths that contain spaces but lack proper quotation marks around the complete path specification.
The technical exploitation of this vulnerability occurs when attackers place malicious executables in the Program Files directory with carefully crafted names that align with the service startup sequence. The service paths are configured without proper quoting, allowing the Windows service manager to interpret the path incorrectly and potentially execute binaries from unintended locations. This behavior aligns with CWE-428, which describes the weakness of unquoted service paths, and represents a fundamental flaw in service configuration security practices. The vulnerability directly enables local privilege escalation attacks where a low-privilege user can execute arbitrary code with SYSTEM privileges.
The operational impact of this vulnerability extends beyond simple code execution, as it provides attackers with complete system compromise capabilities. Once executed with SYSTEM privileges, malicious code can manipulate system files, modify registry settings, install additional malware, and establish persistence mechanisms. The attack surface is particularly concerning because it requires no network connectivity and operates entirely through local system access. This vulnerability fits within the ATT&CK framework under privilege escalation techniques, specifically targeting service execution and registry modification tactics. The affected services FastViewerRemoteService and FastViewerRemoteProxy are particularly dangerous as they run with elevated privileges, making any compromise of these components equivalent to full system takeover.
Mitigation strategies for this vulnerability should focus on immediate service path remediation through proper quotation of all service executable paths. System administrators must audit service configurations and ensure all service paths containing spaces are properly quoted to prevent path resolution ambiguity. Additionally, implementing least privilege principles and regular security audits of installed services can prevent exploitation attempts. The recommended approach includes updating to the latest Matrix42 Remote Control Host version, applying Microsoft security patches, and configuring appropriate access controls for the Program Files directory. Organizations should also implement monitoring solutions that detect unauthorized executable placements in critical system directories and establish regular vulnerability scanning procedures to identify similar path configuration issues across the enterprise infrastructure.