Honeywell Win-PACK Pro Unquoted Service Path Vulnerability in WPCommandFileService

A vulnerability exists in Honeywell Win-PACK Pro version 4.8, specifically within the WPCommandFileService, due to an unquoted service path. This flaw allows local users to execute code with elevated privileges. The unquoted path in 'C:\Program Files (x86)\WINPAKPRO\WPCommandFileService Service.exe' can be exploited to inject malicious code that executes with LocalSystem permissions.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution with elevated privileges, allowing local users to execute malicious payloads that could be harmful to the system or network.

Reproduction

The vulnerability can be reproduced by creating a service with an unquoted path that includes spaces. This can be done using the Windows Service Control (sc) command to create a new service or by modifying an existing service's path to include a space without enclosing the path in quotes. Once the service is started, any code placed in the system root path undetected by the operating system or security applications could be executed with elevated privileges.