Primary

Context

HTC IPTInstaller Unquoted Service Path Vulnerability in PassThru Service

Vulnerability

A vulnerability exists in HTC IPTInstaller version 4.0.9, specifically within the PassThru Service, due to an unquoted service path. This flaw allows attackers to exploit the ambiguous binary path to inject and execute malicious code with elevated LocalSystem privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution with elevated privileges, allowing an attacker to execute malicious payloads as the LocalSystem user.

Reproduction

The vulnerability can be reproduced by querying the service configuration for the 'PassThru Service'. The unquoted binary path can be observed, which is susceptible to exploitation. Once the path is identified, it can be manipulated to execute malicious code with elevated privileges.

Added: Jan 25, 2026, 2:24 PM

Updated: Jan 25, 2026, 2:24 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.2

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.2

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HTC IPTInstaller Unquoted Service Path Vulnerability in PassThru Service

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating