Enigma Software SpyHunter 4 Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

A vulnerability exists in Enigma Software's SpyHunter 4 due to an unquoted service path. This flaw allows local users to execute arbitrary code with elevated system privileges. The vulnerability can be exploited by placing malicious executables in specific locations within the file system, which the service may execute during startup.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of code with elevated privileges, potentially allowing for significant system modifications or access.

Reproduction

The vulnerability can be reproduced by first confirming the presence of an unquoted service path for the 'SpyHunter 4 Service' using the Windows Management Instrumentation Command-line (WMIC) tool. Once the unquoted service path is identified, a local user can place a malicious executable in a location that will be accessed by the service when it starts, such as the root directory. If the executable is executed by the service, the code will run with elevated privileges.