Quick 'n Easy FTP Service Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A vulnerability exists in Quick 'n Easy FTP Service version 3.2 due to an unquoted service path. This flaw allows local attackers to execute arbitrary code with elevated LocalSystem privileges during the service's startup or after a system reboot. Exploitation involves injecting malicious executables into the misconfigured service binary path, which the service executes when it starts.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of code with elevated privileges, allowing for potentially malicious actions to be performed on the system.
Reproduction
The vulnerability can be reproduced by exploiting the unquoted service path of the Quick 'n Easy FTP Service. This involves placing a malicious executable in a location that the service will execute during startup or after a reboot, taking advantage of the elevated LocalSystem privileges.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.