Cobian Backup Gravity
cpe:2.3:a:cobiansoft:cobian_backup:*:*:*:*:*:*:*
- 11.2.0.582
An unquoted service path vulnerability has been identified in Cobian Backup Gravity version 11.2.0.582. This vulnerability allows local users to execute arbitrary code with elevated privileges. The issue arises from the CobianBackup11 service's unquoted service path, which can be exploited to inject malicious code that executes with LocalSystem rights when the service starts.
Exploitation of this vulnerability could lead to unauthorized execution of code with elevated system privileges, allowing a local user to execute arbitrary commands or applications as the LocalSystem user.
The vulnerability can be reproduced by creating a service with an unquoted path that includes spaces. This can be done using the Windows Service Control Manager. Once the service is started, any code placed in the system root path can be executed with LocalSystem privileges.
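An added audit example, not part of the original advisory or of Cobian's code: it flags service `ImagePath` values whose program path contains spaces but is not quoted, and proposes the quoted form. The service names and paths are constructed placeholders, and the extension-based split of program from arguments is a heuristic assumption.

```python
import re

# Heuristic (assumption): the program part of an unquoted ImagePath ends at the
# first executable extension followed by whitespace or the end of the string.
PROGRAM_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)

def split_image_path(image_path):
    """Split a service ImagePath into (program, arguments, is_quoted)."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end != -1:
            return s[1:end], s[end + 1:].strip(), True
        s = s[1:]  # opening quote never closed: handle as unquoted
    m = PROGRAM_END.search(s)
    if m:
        return s[:m.end()], s[m.end():].strip(), False
    return s, "", False

def audit_service(name, image_path):
    """Flag an unquoted program path with spaces; propose the quoted form."""
    program, args, quoted = split_image_path(image_path)
    vulnerable = not quoted and " " in program
    fixed = f'"{program}"' + (f" {args}" if args else "")
    return {"service": name, "vulnerable": vulnerable,
            "suggested_image_path": fixed if vulnerable else image_path}

def find_unquoted(services):
    """Return findings for every service whose ImagePath needs quoting."""
    results = (audit_service(n, p) for n, p in sorted(services.items()))
    return [r for r in results if r["vulnerable"]]

# Constructed sample data (hypothetical names and paths, not from the advisory).
SAMPLE_SERVICES = {
    # Unquoted, spaces in the program path: should be flagged.
    "ExampleBackupSvc": r"C:\Program Files (x86)\Example Vendor\Backup 11\svc.exe -service",
    # Already quoted: safe even though the path contains spaces.
    "ExampleQuotedSvc": r'"C:\Program Files\Example Vendor\agent.exe" --run',
    # Unquoted, but spaces appear only in the arguments: not flagged.
    "ExampleNoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for f in find_unquoted(SAMPLE_SERVICES):
        print(f"{f['service']}: set ImagePath to {f['suggested_image_path']}")
```

On a live host the input dictionary would come from the `ImagePath` values under `HKLM\SYSTEM\CurrentControlSet\Services`, and a flagged service is corrected by writing the quoted value back.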