Sign In
Advisories

Andrea ST Filters Service 1.0.64.7 - Unquoted service path

Go Back
severity
high
date
Affecting

  • Andrea ST Filters Service 1.0.64.7

CWE
  • CWE-428 Unquoted Search Path or Element
CVSS
8.5
CVSS V4 Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Credit
Roberto Piña
Description
Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that will execute with elevated LocalSystem privileges during service startup.