Dup Scout Unquoted Service Path Vulnerability Allowing Privilege Escalation

A vulnerability exists in Dup Scout version 13.5.28 due to an unquoted service path in its Windows service configuration. This flaw allows local attackers to execute arbitrary code by exploiting the unquoted path in 'C:\Program Files\Dup Scout Server\bin\dupscts.exe'. Attackers can inject malicious executables, leading to privilege escalation.

Impact

Exploitation of this vulnerability could result in unauthorized execution of code with elevated privileges.

Reproduction

The vulnerability can be reproduced by installing Dup Scout version 13.5.28 and then using the Windows Management Instrumentation Command-line (WMIC) tool to query the service configuration. The unquoted service path can be identified, which indicates the presence of the vulnerability. Once the unquoted path is confirmed, malicious executables can be injected to exploit the vulnerability and escalate privileges.