Remote Mouse Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A vulnerability exists in Remote Mouse version 4.002 due to an unquoted service path in the RemoteMouseService. This flaw allows local attackers to execute arbitrary code with elevated system privileges. By exploiting the unquoted service path, attackers can inject malicious executables into the service and gain administrative access.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of code with elevated privileges, allowing a local attacker to gain administrative rights on the system.
Reproduction
The vulnerability can be reproduced by querying the service configuration for the RemoteMouseService. The unquoted service path can be identified, which is vulnerable to exploitation. Once the unquoted path is confirmed, malicious executables can be placed in a location that the service will execute them from, effectively gaining elevated privileges.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.