eBeam Interactive Suite Unquoted Service Path Vulnerability in Stylus Driver Allowing Privilege Escalation
Vulnerability
A vulnerability exists in eBeam Interactive Suite version 3.6 within the eBeam Stylus Driver service: the service path is unquoted. Because the path under 'C:\Program Files (x86)\Luidia\eBeam Stylus Driver\' contains spaces and is not enclosed in quotation marks, Windows can resolve it to an executable located at an earlier, space-delimited prefix of that path. This flaw enables local users to execute code with elevated privileges: a malicious executable injected into the unquoted path runs with LocalSystem permissions.
Impact
Exploitation of this vulnerability could lead to unauthorized code execution with elevated privileges, allowing a local user to execute malicious payloads with the highest system rights.
Reproduction
The vulnerability can be reproduced through the unquoted service path of the 'eBeam Stylus Driver' service. After a malicious executable is injected into the unquoted path, it runs with LocalSystem privileges when the service is started.
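Detection
A report-only check for the condition described above, added here as an example and not taken from the original advisory or from the vendor. The function name `Get-UnquotedExePath` is hypothetical and `service.exe` is a placeholder, since the page does not name the binary inside the eBeam Stylus Driver directory.

```powershell
# Report-only audit for unquoted service paths. Reads configuration, changes nothing.

function Get-UnquotedExePath {
    # Returns the executable portion of a service PathName when it is unquoted
    # and contains a space; returns $null otherwise.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $null }             # already quoted
    # Shortest prefix ending in ".exe" is the binary; the remainder is arguments.
    $m = [regex]::Match($p, '^(.+?\.exe)(?=\s|$)', 'IgnoreCase')
    if ($m.Success -and $m.Groups[1].Value.Contains(' ')) { return $m.Groups[1].Value }
    return $null
}

# Constructed sample values; "service.exe" is a placeholder, the advisory does
# not name the binary.
$samples = @(
    'C:\Program Files (x86)\Luidia\eBeam Stylus Driver\service.exe',
    '"C:\Program Files (x86)\Luidia\eBeam Stylus Driver\service.exe"',
    'C:\Windows\System32\svchost.exe -k netsvcs'
)
$samples | ForEach-Object { '{0,-5} {1}' -f [bool](Get-UnquotedExePath $_), $_ }

# Live audit of the local host: every service whose path is unquoted and has a space.
Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $exe = Get-UnquotedExePath $_.PathName
    if ($exe) {
        [pscustomobject]@{
            Name      = $_.Name
            StartName = $_.StartName       # LocalSystem services matter most
            StartMode = $_.StartMode
            PathName  = $_.PathName
            # Same command line with the executable portion enclosed in quotes
            Suggested = '"{0}"{1}' -f $exe, $_.PathName.Trim().Substring($exe.Length)
        }
    }
} | Format-List
```

The `Suggested` value is the form the service's ImagePath should take once the path is quoted; the script only prints it and leaves the service configuration untouched.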
