Adaware Web Companion Unquoted Service Path Vulnerability in WCAssistantService

A vulnerability exists in Adaware Web Companion version 4.8.2078.3950, specifically within the WCAssistantService, due to an unquoted service path. This flaw allows local users to execute code with elevated privileges. Exploitation involves injecting malicious code into the unquoted path, which could then be executed with LocalSystem rights when the service starts.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution with elevated privileges, allowing a local user to execute malicious payloads as the LocalSystem user.

Reproduction

The vulnerability can be reproduced by creating a service with an unquoted path that includes spaces. This can be done by using the Windows Management Instrumentation Command-line (WMIC) tool to query services and find one that is set to auto-start. Once the vulnerable service is identified, a local user can place a malicious executable in a location that is not monitored by the operating system or security software, where it can be executed during the service's startup process.