Primary

Context

Prey Unquoted Service Path Vulnerability in CronService Allowing Privilege Escalation

Vulnerability

A vulnerability exists in Prey version 1.9.6 due to an unquoted service path in the CronService. This flaw allows local users to execute code with elevated privileges. Exploitation involves inserting malicious code into a location that the operating system does not monitor, which could then be executed when the application starts or the system reboots.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution with elevated privileges.

Reproduction

The vulnerability can be reproduced by creating a service with an unquoted path that includes spaces. This can be done by manually editing the service configuration to remove the quotes around the path. Once the service is started, the injected code can be executed with elevated privileges.

Added: Jan 28, 2026, 1:33 PM

Updated: Jan 28, 2026, 1:33 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.2

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.2

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Prey Unquoted Service Path Vulnerability in CronService Allowing Privilege Escalation

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating