Primary

Context

Wondershare Driver Install Service Unquoted Service Path Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability exists in the Wondershare Driver Install Service, specifically in version 10.7.1.321, due to an unquoted service path in the ElevationService executable. This flaw allows local attackers to inject malicious code by replacing the service binary with a harmful executable, potentially leading to unauthorized privilege escalation to the LocalSystem account.

Impact

Exploitation of this vulnerability could allow local attackers to gain elevated privileges, executing code with LocalSystem rights.

Reproduction

The vulnerability can be reproduced by replacing the service binary of the ElevationService with a malicious executable. Once the unquoted service path is exploited, the service can be started, executing the injected malicious code with elevated privileges.

Added: Jan 27, 2026, 7:35 PM

Updated: Jan 27, 2026, 7:35 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.2

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.2

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Wondershare Driver Install Service Unquoted Service Path Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating