Primary

Context

ProShow Producer Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in ProShow Producer version 9.0.3797 within the ScsiAccess service, where an unquoted service path can be exploited by local attackers to execute arbitrary code. The flaw allows the injection of malicious executables that are executed with LocalSystem privileges when the service starts.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of arbitrary code with elevated privileges.

Reproduction

The vulnerability can be reproduced by exploiting the unquoted service path of the ScsiAccess service. This can be done by injecting a malicious executable into the path, which will be executed with LocalSystem privileges when the service is started.

Added: Feb 5, 2026, 12:51 AM

Updated: Feb 5, 2026, 12:51 AM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

4.2

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

4.2

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ProShow Producer Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Reproduction

Affected Products

Photodex ProShow Producer

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating