Active WebCam Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A vulnerability exists in Active WebCam version 11.5 due to an unquoted service path. This flaw allows local attackers to execute arbitrary code with elevated privileges. Exploitation involves placing malicious executables in specific directories to gain administrative access.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of code with elevated system privileges, allowing for potential administrative access on the affected machine.
Reproduction
The vulnerability can be reproduced by first ensuring that Active WebCam 11.5 is installed and configured to start as a service on Windows startup. Once this is set, the service can be queried to confirm the unquoted service path. Afterward, malicious executables can be placed in the right directory to exploit the unquoted service path vulnerability, allowing for arbitrary code execution with elevated privileges.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.