Primary

Context

FreeLAN Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in FreeLAN version 2.2 due to an unquoted service path in its Windows service configuration. This flaw allows local attackers to execute arbitrary code by injecting malicious executables into the unquoted binary path. These executables are then executed with elevated LocalSystem privileges when the service starts.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution with LocalSystem privileges.

Reproduction

The vulnerability can be reproduced by exploiting the unquoted service path of the FreeLAN service. This can be done by injecting a malicious executable into the path, which will be executed with elevated privileges when the service is started.

Added: Jan 21, 2026, 7:01 PM

Updated: Jan 21, 2026, 7:01 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

10.0

exploitability

5.0

remediation

0.0

relevance

2.3

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

10.0

exploitability

5.0

remediation

0.0

relevance

2.3

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

FreeLAN Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Reproduction

Affected Products

FreeLAN

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating