Spy Emergency Unquoted Service Path Vulnerability Allowing Elevated Privileges
Vulnerability
A vulnerability exists in Spy Emergency version 25.0.650 due to unquoted service paths in its Windows service configurations. This flaw allows local attackers to execute code with elevated privileges. The unquoted paths in 'SpyEmergencyHealth.exe' and 'SpyEmergencySrv.exe' can be exploited to inject malicious code during system startup or when the service is restarted.
Impact
Exploitation of this vulnerability could lead to unauthorized code execution with elevated privileges on the affected system.
Reproduction
The vulnerability can be reproduced by examining the service configurations for unquoted file paths. This can be done using the Windows Management Instrumentation Command-line (WMIC) to query service details, filtering for services related to Spy Emergency. The unquoted paths can then be used to exploit the vulnerability by injecting malicious code that is executed during system startup or service restart.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.