Advanced System Care Unquoted Service Path Vulnerability in Privilege Escalation

Vulnerability

A privilege escalation vulnerability has been identified in the Advanced System Care Service version 13.0.0.157. The issue arises from an unquoted service path in the 'AdvancedSystemCareService13' service: because the path to the service executable contains spaces and is not enclosed in quotes, Windows can interpret an earlier, space-delimited portion of it as the program to run. This allows local attackers to escalate privileges. Exploitation involves placing malicious executables in the system root directory, which are then executed with LocalSystem privileges when the service starts or the system reboots.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, with executed code running under the LocalSystem account, which has extensive rights on the system.

Reproduction

To reproduce this vulnerability, a local user must place a malicious executable in the system root path, ensuring it goes undetected by the operating system or security applications. Once the executable is in place, the service can be started or the system can be rebooted, at which point the malicious code will be executed with elevated privileges.
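A defensive audit for the condition described above, as an added example that is not part of the advisory or the vendor's code: it flags service command lines whose executable path contains a space but is not quoted, and prints the quoted form to register instead. The function name, the sample service names and the sample paths are hypothetical and constructed for illustration.

```powershell
# Added example (not vendor code). Flags service command lines whose executable
# path contains a space but is not wrapped in quotes, and proposes the quoted form.
function Get-UnquotedServicePath {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$PathName
    )
    $cmd = "$PathName".Trim()
    # Nothing to check if the value is empty or already starts with a quote.
    if ($cmd -eq '' -or $cmd.StartsWith('"')) { return }

    # Executable = shortest prefix ending in ".exe" that is followed by
    # whitespace (arguments) or the end of the string.
    $m = [regex]::Match($cmd, '^(?<exe>.+?\.exe)(?<args>\s.*)?$', 'IgnoreCase')
    if (-not $m.Success) { return }

    $exe = $m.Groups['exe'].Value
    # Without a space inside the executable path there is no ambiguity.
    if ($exe -notmatch '\s') { return }

    [pscustomobject]@{
        Name      = $Name
        PathName  = $cmd
        Suggested = '"{0}"{1}' -f $exe, $m.Groups['args'].Value
    }
}

# Constructed sample values (hypothetical names and paths, not from the advisory).
$samples = @(
    @{ Name = 'ExampleUnquoted'; PathName = 'C:\Program Files (x86)\Example Vendor\Example App\ExampleSvc.exe /run' }
    @{ Name = 'ExampleQuoted';   PathName = '"C:\Program Files (x86)\Example Vendor\Example App\ExampleSvc.exe" /run' }
    @{ Name = 'ExampleNoSpace';  PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)

# Only 'ExampleUnquoted' is reported.
$samples |
    ForEach-Object { Get-UnquotedServicePath -Name $_.Name -PathName $_.PathName } |
    Format-List

# Against the services installed on a live host:
# Get-CimInstance -ClassName Win32_Service |
#     ForEach-Object { Get-UnquotedServicePath -Name $_.Name -PathName $_.PathName }
```

The suggested value belongs in the service's `ImagePath` registry value under `HKLM\SYSTEM\CurrentControlSet\Services\<service name>`.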

Added: May 16, 2026, 4:37 PM
Updated: May 16, 2026, 4:37 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 2.5
exploitability: 4.2
remediation: 0.0
relevance: 8.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.