Primary

Context

Program Access Controller Unquoted Service Path Vulnerability in PACService.exe

Vulnerability

A vulnerability exists in Program Access Controller version 1.2.0.0 within the PACService.exe file, where an unquoted service path allows local attackers to execute code with elevated privileges. This vulnerability can be exploited by injecting and running malicious executables with LocalSystem permissions during system startup or reboot.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution with elevated privileges.

Reproduction

The vulnerability can be reproduced by taking advantage of the unquoted service path of the PACService.exe. During system startup or reboot, the absence of quotes in the service path can be exploited to execute malicious executables with LocalSystem rights.

Added: Jan 28, 2026, 1:33 PM

Updated: Jan 28, 2026, 1:33 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.2

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.2

remediation

0.0

relevance

2.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Program Access Controller Unquoted Service Path Vulnerability in PACService.exe

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating