Spy Emergency Unquoted Service Path Privilege Escalation Vulnerability

A privilege escalation vulnerability has been identified in Spy Emergency build 23.0.205, specifically within the SpyEmrgHealth and SpyEmrgSrv services. This vulnerability arises from an unquoted service path, allowing local attackers to escalate privileges by placing malicious executables in the service path. The injected executables can be executed with LocalSystem privileges when the service is restarted or the system is rebooted.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, with executed code running under the LocalSystem account, which has extensive rights on the system.

Reproduction

To reproduce this vulnerability, a local attacker must place an executable file in the unquoted service path of the vulnerable Spy Emergency services. Once the executable is in place, the attacker can trigger the execution by restarting the service or rebooting the system.