Описание
Lavasoft Web Companion (also known as Ad-Aware WebCompanion) versions 8.9.0.1091 through 12.1.3.1037 installs the DCIService.exe service with an unquoted service path vulnerability. An attacker with write access to the file system could potentially execute arbitrary code with elevated privileges by placing a malicious executable in the unquoted path.
EPSS
Процентиль: 25%
0.00089
Низкий
7.3 High
CVSS3
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 7.3
github
4 месяца назад
Lavasoft Web Companion (also known as Ad-Aware WebCompanion) versions 8.9.0.1091 through 12.1.3.1037 installs the DCIService.exe service with an unquoted service path vulnerability. An attacker with write access to the file system could potentially execute arbitrary code with elevated privileges by placing a malicious executable in the unquoted path.
EPSS
Процентиль: 25%
0.00089
Низкий
7.3 High
CVSS3
Дефекты
CWE-284