OKI Print Job Accounting Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A vulnerability exists in OKI Print Job Accounting version 4.4.10, specifically within the OkiJaSvc service. This vulnerability is an unquoted service path issue that could allow local attackers to execute arbitrary code. The unquoted path in 'C:\Program Files\Okidata\Print Job Accounting\' can be exploited to inject malicious executables, potentially leading to privilege escalation.
Impact
Exploitation of this vulnerability could result in unauthorized privilege escalation and arbitrary code execution on the affected system.
Reproduction
The vulnerability can be reproduced by exploiting the unquoted service path of the OkiJaSvc service. This can be done by injecting a malicious executable into the unquoted path, which is located in 'C:\Program Files\Okidata\Print Job Accounting\'. Once the executable is injected, it can be executed to escalate privileges on the system.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.