Honeywell Win-PACK Pro Unquoted Service Path Vulnerability in GuardTourService

Vulnerability

An unquoted service path vulnerability has been identified in Honeywell's Win-PACK Pro version 4.8, specifically within the GuardTourService. This vulnerability allows local users to execute code with elevated system privileges. The issue arises from the unquoted service path 'C:\Program Files (x86)\WINPAKPRO\WP GuardTour Service.exe': because the path contains spaces and is not enclosed in quotation marks, Windows can resolve it ambiguously when the service starts, which can be exploited to inject malicious code that executes during the service's startup.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution with elevated privileges, allowing local users to execute malicious payloads that could be harmful to the system or network.

Reproduction

The vulnerability can be reproduced by inserting malicious code into the system root path, where it can remain undetected by the operating system or security applications. This code would then be executed during the startup of the GuardTourService, which runs with elevated privileges.
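
A defensive audit for the condition described above, added here as an example and not taken from Honeywell or the original advisory: it flags services whose executable path contains a space and is not quoted, and reports the quoted form to set instead. The function names are hypothetical, and the sample strings are constructed apart from the path quoted in the advisory.

```powershell
# Added example: audit for unquoted service paths (defensive check).

function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$PathName)

    $p = $PathName.Trim()
    # A path that starts with a quote is parsed unambiguously.
    if ($p -eq '' -or $p.StartsWith('"')) { return $false }
    # Driver-style paths such as \SystemRoot\... are out of scope for this check.
    if ($p.StartsWith('\')) { return $false }
    # Take the executable portion (up to the first ".exe") and ignore arguments.
    if ($p -notmatch '^(.+?\.exe)(\s|$)') { return $false }
    return $Matches[1].Contains(' ')
}

function Get-QuotedServicePath {
    param([Parameter(Mandatory)][string]$PathName)
    # Suggested replacement value: quote the executable, keep any arguments.
    $PathName.Trim() -replace '^(.+?\.exe)(\s|$)', '"$1"$2'
}

function Get-UnquotedServicePathReport {
    # Live audit of the local machine (Windows only).
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
        Select-Object Name, StartName, StartMode, PathName,
            @{ Name = 'SuggestedPathName'; Expression = { Get-QuotedServicePath $_.PathName } }
}

# Constructed sample values; the first is the path quoted in the advisory.
$samples = @(
    'C:\Program Files (x86)\WINPAKPRO\WP GuardTour Service.exe',
    '"C:\Program Files (x86)\WINPAKPRO\WP GuardTour Service.exe"',
    'C:\Windows\system32\svchost.exe -k netsvcs'
)
foreach ($s in $samples) {
    [pscustomobject]@{
        PathName = $s
        Unquoted = (Test-UnquotedServicePath $s)
    }
}
```

Run `Get-UnquotedServicePathReport` on a host to list affected services; services that start automatically under a privileged account are the ones to fix first.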

Added: Jan 21, 2026, 7:14 PM
Updated: Jan 21, 2026, 7:14 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 10.0
exploitability: 4.3
remediation: 0.0
relevance: 2.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.