Primary

Context

Cooler Master MasterPlus Unquoted Service Path Vulnerability in MPService Allowing Elevated Privileges

Vulnerability

A vulnerability exists in Cooler Master MasterPlus version 1.8.5, specifically within the MPService, due to an unquoted service path. This flaw enables local attackers to execute code with elevated system privileges. By placing a malicious executable in the service path, attackers can initiate code execution when the service starts or during a system reboot.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution with system privileges.

Reproduction

The vulnerability can be reproduced by dropping a malicious executable into the unquoted service path of 'C:\Program Files (x86)\CoolerMaster\MasterPlus\'. After placing the executable, either restart the 'MPService' or reboot the system to trigger the execution of the malicious payload.

Added: Jan 13, 2026, 11:27 PM

Updated: Jan 13, 2026, 11:27 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.6

remediation

0.0

relevance

2.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.6

remediation

0.0

relevance

2.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cooler Master MasterPlus Unquoted Service Path Vulnerability in MPService Allowing Elevated Privileges

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating