Splashtop Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in Splashtop version 8.71.12001.0 within the Splashtop Software Updater Service. This vulnerability is an unquoted service path issue that enables local attackers to execute arbitrary code. Exploitation involves injecting malicious executables into the unquoted path located in 'C:\Program Files (x86)\Splashtop\Splashtop Software Updater\'. Such actions could lead to unauthorized privilege escalation.

Impact

Exploitation of this vulnerability could result in unauthorized code execution with elevated privileges.

Reproduction

The vulnerability can be reproduced by exploiting the unquoted service path of the Splashtop Software Updater Service: a malicious executable is injected into the unquoted path located in 'C:\Program Files (x86)\Splashtop\Splashtop Software Updater\'. Once injected, the executable can be executed to achieve arbitrary code execution and escalate privileges.
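For defenders, the check below audits service ImagePath values for this unquoted-path condition and produces the quoted replacement. It is an added example, not code from the advisory or from Splashtop. The service names and the executable name "updater-placeholder.exe" are hypothetical, and the sample values are constructed.

```python
import re

# Constructed sample ImagePath values (as read from each service's registry key).
# The advisory does not name the updater binary; "updater-placeholder.exe" and
# the service names below are hypothetical stand-ins.
SAMPLES = {
    "UpdaterPlaceholder": r"C:\Program Files (x86)\Splashtop\Splashtop Software Updater"
                          r"\updater-placeholder.exe -svc",
    "QuotedSvc": r'"C:\Program Files\Vendor\Agent Service\agent.exe" --run',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def split_image_path(image_path):
    """Return (executable, arguments, quoted) for a service ImagePath."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:                      # unterminated quote: treat rest as the path
            return s[1:], "", True
        return s[1:end], s[end + 1:].strip(), True
    m = EXE_END.search(s)                  # heuristic: binary ends at the first ".exe" token
    if m:
        return s[:m.end()], s[m.end():].strip(), False
    return s, "", False

def ambiguous_candidates(exe):
    """Earlier paths Windows resolves for an unquoted path: cut at each space, append .exe.
    These are the locations whose write permissions need review."""
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def audit(services):
    """Flag services whose executable path has spaces and is not quoted."""
    findings = {}
    for name, image_path in services.items():
        exe, args, quoted = split_image_path(image_path)
        if quoted or " " not in exe:
            continue
        findings[name] = {
            "check_first": ambiguous_candidates(exe),
            "fixed_image_path": f'"{exe}" {args}'.strip(),
        }
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLES).items():
        print(name, "->", finding["fixed_image_path"])
```

On a real host the input dictionary would be filled from the ImagePath value of each key under HKLM\SYSTEM\CurrentControlSet\Services.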

Added: Jan 13, 2026, 11:30 PM
Updated: Jan 13, 2026, 11:30 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 10.0
exploitability: 4.8
remediation: 0.0
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.