OKI Configuration Tool Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A vulnerability exists in OKI Configuration Tool version 1.6.53, specifically in the OKI Local Port Manager service. It is an unquoted service path issue: the service binary path 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' contains a space and is not enclosed in quotation marks. Local attackers could exploit the unquoted path to inject malicious executables and execute arbitrary code, potentially leading to elevated privileges.
Impact
Exploitation of this vulnerability could allow local attackers to execute arbitrary code with elevated privileges.
Reproduction
The vulnerability can be reproduced by exploiting the unquoted service path of the OKI Local Port Manager service, 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe'. A malicious executable is injected into the unquoted path; once injected, it can be executed to achieve arbitrary code execution with escalated privileges.
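To check a host for this class of misconfiguration, the following PowerShell audit flags services whose executable path contains a space and is not quoted. It is an added example, not code from the advisory or from OKI; the function name `Test-UnquotedServicePath` and the sample strings are constructed for illustration.

```powershell
# Added example (defensive audit). Function name and samples are constructed.
function Test-UnquotedServicePath {
    param([string]$PathName)

    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    $p = $PathName.Trim()

    # A path that begins with a double quote is already delimited.
    if ($p.StartsWith('"')) { return $false }

    # Isolate the executable portion, so spaces that only appear in the
    # arguments (e.g. "svchost.exe -k netsvcs") are not counted.
    # Limitation: binaries without an .exe extension are not evaluated.
    $m = [regex]::Match($p, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return $false }

    # Vulnerable pattern: the executable path itself contains a space.
    return $m.Groups[1].Value.Contains(' ')
}

# Constructed samples: the advisory's path as reported, a quoted form of it,
# and a path with no space in the executable portion.
$samples = @(
    'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe',
    '"C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe"',
    'C:\Windows\System32\svchost.exe -k netsvcs'
)
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-UnquotedServicePath $s), $s
}

# Audit the local machine: list every installed service with the pattern,
# including the account it runs as and how it starts.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    Select-Object Name, DisplayName, StartName, StartMode, PathName |
    Format-Table -AutoSize -Wrap
```

For a flagged service, the correction is to enclose the executable path in double quotes in the service's `ImagePath` value under `HKLM\SYSTEM\CurrentControlSet\Services\<ServiceName>`.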
