Acer Global Registration Service Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A vulnerability exists in the Acer Global Registration Service version 1.0.0.3, specifically within the service configuration of 'GREGsvc.exe'. This vulnerability is an unquoted service path issue that enables local users to execute arbitrary code. The unquoted path in 'C:\Program Files (x86)\Acer\Registration\' can be exploited by injecting malicious executables. These executables would be executed with elevated LocalSystem privileges when the service starts up.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of code with elevated privileges, allowing a local user to execute arbitrary commands or applications as the LocalSystem user.
Reproduction
The vulnerability can be reproduced by creating a malicious executable and placing it in a directory that is not monitored by the operating system or security applications. The executable should be named in a way that exploits the unquoted service path of 'GREGsvc.exe'. Once the executable is in place, restarting the service or the computer will trigger the execution of the malicious code with elevated privileges.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.