Hotspot Shield Unquoted Service Path Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in Hotspot Shield version 6.0.3. The path to the hshld service binary is registered without surrounding quotes, so Windows can resolve it ambiguously when it starts the service, which allows local attackers to inject malicious executables. Executables placed in the service path can be executed with LocalSystem privileges when the service is restarted or the system is rebooted.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, with injected executables running under the LocalSystem account, which has extensive rights on the system.

Reproduction

To reproduce this vulnerability, place an executable file in the unquoted service path of the Hotspot Shield hshld service. After the executable is in place, restart the service or reboot the system. The malicious executable will be executed with LocalSystem privileges.
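To check a host for this class of misconfiguration, the following added example (not part of the original advisory or of Hotspot Shield) flags service binary paths that are unquoted and contain a space in the executable portion. The function name Test-UnquotedServicePath and the sample paths are assumptions made for illustration; the advisory does not give the actual hshld path.

```powershell
# Added example: defensive audit for unquoted service paths.
# Test-UnquotedServicePath is a hypothetical helper name, not a built-in cmdlet.
function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$PathName)

    $p = $PathName.Trim()

    # A path that starts with a quote is parsed unambiguously.
    if ($p.StartsWith('"')) { return $false }

    # Isolate the executable portion: everything up to the first ".exe"
    # that is followed by whitespace or end of string (-notmatch ignores case).
    if ($p -notmatch '^(.+?\.exe)(\s|$)') { return $false }

    # A space inside the executable portion is what makes the path ambiguous.
    return $Matches[1].Contains(' ')
}

# Constructed sample values (placeholders, not taken from any real product).
$samples = @(
    'C:\Program Files\Example Vendor\Example App\svc.exe -run',    # unquoted, has spaces
    '"C:\Program Files\Example Vendor\Example App\svc.exe" -run',  # quoted
    'C:\Windows\System32\svchost.exe -k netsvcs'                   # unquoted, no spaces
)

$samples | ForEach-Object {
    [pscustomobject]@{
        PathName = $_
        Unquoted = Test-UnquotedServicePath -PathName $_
    }
} | Format-Table -AutoSize

# Audit the local machine: list services whose registered path is flagged,
# together with the account each one runs as.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and (Test-UnquotedServicePath -PathName $_.PathName) } |
    Select-Object Name, StartName, PathName |
    Format-Table -AutoSize
```

A flagged service is corrected by wrapping the executable portion of its registered path in double quotes, leaving any arguments outside the quotes. Restricting write access on the directories along that path limits who could place a file there in the meantime.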

Added: Apr 4, 2026, 2:25 PM
Updated: Apr 4, 2026, 2:25 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 10.0
exploitability: 4.6
remediation: 0.0
relevance: 5.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.