Motorola Device Manager Unquoted Service Path Vulnerability in PST Service Allowing Arbitrary Code Execution
Vulnerability
A vulnerability exists in Motorola Device Manager versions 2.4.5 and 2.5.4, specifically within the PST Service. It is an unquoted service path issue that could allow local users to execute arbitrary code. The flaw arises because the service's path to 'ForwardDaemon.exe' is not enclosed in quotation marks. When an unquoted service path contains spaces, Windows can resolve a different executable than the one intended, so malicious code could be executed with elevated system privileges when the service starts.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of code with elevated privileges on the system.
Reproduction
The vulnerability can be reproduced by using the Windows Management Instrumentation Command-line (WMIC) tool to query service details. The entry for the 'PST Service' reveals the unquoted path of 'ForwardDaemon.exe'. This unquoted path can then be exploited to execute arbitrary code with elevated privileges.
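The same WMIC check can be automated across all services on a host. The following is an added example, not part of the original advisory: it parses a service listing in the assumed layout of `wmic service get Name,PathName /format:csv`, flags services whose executable path is unquoted and contains a space, and returns the quoted form to apply as the fix. The sample service names and paths are constructed placeholders, since the advisory does not give the full PST Service path.

```python
import re

# Constructed sample in the assumed layout of
# `wmic service get Name,PathName /format:csv` (columns: Node,Name,PathName).
# Service names and paths are placeholders, not values from the advisory.
SAMPLE = r'''
Node,Name,PathName
HOST1,SampleAgent,C:\Program Files\Example Vendor\Sample Agent\agent.exe -run
HOST1,QuotedSvc,"C:\Program Files\Example Vendor\quoted.exe" -k
HOST1,ArgSpaceSvc,C:\Tools\svc.exe --config C:\My Data\svc.ini
HOST1,SysSvc,C:\Windows\system32\svchost.exe -k netsvcs
'''

# Executable portion of an unquoted command line: everything up to the first
# ".exe" that is followed by whitespace or end of string; the rest is arguments.
EXE_RE = re.compile(r'^(.*?\.exe)(?=\s|$)(.*)$', re.IGNORECASE)

def parse_services(text):
    """Yield (name, pathname) pairs. PathName is the last column, so splitting
    at most twice keeps any commas and quotes inside it intact."""
    for line in text.splitlines():
        parts = line.strip().split(",", 2)
        if len(parts) == 3 and parts[1] != "Name":  # skip blanks and header
            yield parts[1], parts[2].strip()

def quoted_fix(pathname):
    """Return the corrected command line if the executable path is unquoted
    and contains a space; return None if no change is needed."""
    if pathname.startswith('"'):
        return None  # already quoted
    m = EXE_RE.match(pathname)
    if not m or " " not in m.group(1):
        return None  # no spaces, or spaces only in the arguments
    return '"{}"{}'.format(m.group(1), m.group(2))

def audit(text):
    """Map each flagged service name to its corrected, quoted PathName."""
    return {name: fix for name, path in parse_services(text)
            if (fix := quoted_fix(path)) is not None}

if __name__ == "__main__":
    for name, fix in audit(SAMPLE).items():
        print(f"{name}: unquoted path with spaces; quoted form: {fix}")
```

Only `SampleAgent` is flagged in the sample: the other entries are either already quoted or have spaces only in their arguments.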
