Wondershare Dr.Fone Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in Wondershare Dr.Fone version 12.0.18, where an unquoted service path allows local users to execute arbitrary code with elevated privileges. The misconfigured service path can be exploited to inject malicious code that executes with LocalSystem rights when the service starts.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of code with elevated system privileges, allowing local users to perform actions as the LocalSystem account.

Reproduction

The vulnerability can be reproduced by inserting code into the system root path, where it can remain undetected by the operating system or security applications. This code would then execute with the application's elevated privileges during startup or after a reboot.
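An added example, not part of the original advisory or the vendor's code: a Python check that flags service command lines whose executable path contains spaces but is not quoted, lists the shorter paths Windows would try first so they can be audited, and produces the quoted replacement value. The service names and paths are constructed placeholders, not the actual Dr.Fone service entry, and the function names are hypothetical.

```python
import re

# Constructed sample ImagePath / PathName values (placeholders, not the
# real Dr.Fone service entry, which the advisory does not list).
SAMPLE_SERVICES = {
    "ExampleUnquoted": r"C:\Program Files\Example Vendor\Example App\svc.exe -k run",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\Example App\svc.exe" -k run',
    "ExampleNoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "ExampleDriver": r"\SystemRoot\System32\drivers\example.sys",
}

# First ".exe" that is followed by whitespace or end of string.
EXE_RE = re.compile(r"^(.*?\.exe)(\s.*)?$", re.IGNORECASE)

def split_image_path(image_path):
    """Return (executable, arguments, quoted) for a service command line."""
    value = image_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end == -1:  # malformed: opening quote never closed
            return value[1:], "", True
        return value[1:end], value[end + 1:].strip(), True
    match = EXE_RE.match(value)
    if match:
        return match.group(1), (match.group(2) or "").strip(), False
    return value, "", False

def ambiguous_prefixes(executable):
    """Paths Windows tries before the intended one when the path is
    unquoted: every prefix that ends at a space, with .exe appended."""
    return [executable[:i] + ".exe" for i, ch in enumerate(executable) if ch == " "]

def audit(services):
    """Flag unquoted paths containing spaces and propose the quoted value."""
    findings = []
    for name, image_path in sorted(services.items()):
        exe, args, quoted = split_image_path(image_path)
        if quoted or " " not in exe:
            continue
        fixed = f'"{exe}"' + (f" {args}" if args else "")
        findings.append({"service": name, "executable": exe,
                         "check_paths": ambiguous_prefixes(exe),
                         "quoted_value": fixed})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVICES):
        print(finding["service"], "->", finding["quoted_value"])
        for path in finding["check_paths"]:
            print("  verify nothing unexpected exists at:", path)
```
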

Added: Jan 13, 2026, 11:19 PM
Updated: Jan 13, 2026, 11:19 PM

Vulnerability Rating

Custom Algorithm

spread: 4.2
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.