Primary

Context

MiniTool ShadowMaker Unquoted Service Path Vulnerability in MTAgentService Allowing Privilege Escalation

Vulnerability

A vulnerability exists in MiniTool ShadowMaker version 3.2 within the MTAgentService, where an unquoted service path can be exploited by local attackers to execute arbitrary code. The flaw allows for the injection of malicious executables into the unquoted path of the AgentService executable, potentially leading to elevated privileges.

Impact

Exploitation of this vulnerability could allow local attackers to execute arbitrary code with elevated privileges.

Reproduction

The vulnerability can be reproduced by exploiting the unquoted service path of the MTAgentService. This can be done by injecting a malicious executable into the unquoted path of 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe'. Once the executable is injected, it can be executed to gain elevated privileges.

Added: Jan 26, 2026, 6:49 PM

Updated: Jan 26, 2026, 6:49 PM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

10.0

exploitability

4.2

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

10.0

exploitability

4.2

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MiniTool ShadowMaker Unquoted Service Path Vulnerability in MTAgentService Allowing Privilege Escalation

Vulnerability

Impact

Reproduction

Affected Products

MiniTool ShadowMaker

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating