Primary

Context

Wondershare MobileTrans Unquoted Service Path Vulnerability in ElevationService

Vulnerability

A vulnerability exists in Wondershare MobileTrans version 3.5.9, specifically within the ElevationService, due to an unquoted service path. This flaw allows local users to execute code with elevated system privileges. The vulnerability can be exploited by placing malicious executables in certain filesystem locations, which will be executed with LocalSystem permissions when the service starts.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution with elevated privileges, allowing a local user to execute malicious payloads as the LocalSystem user.

Reproduction

The vulnerability can be reproduced by placing a malicious executable in a location that will be accessed by the unquoted service path of the ElevationService. The executable will then be executed with LocalSystem privileges when the service starts.

Added: Jan 13, 2026, 11:16 PM

Updated: Jan 13, 2026, 11:16 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

7.5

exploitability

4.6

remediation

0.0

relevance

2.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

7.5

exploitability

4.6

remediation

0.0

relevance

2.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Wondershare MobileTrans Unquoted Service Path Vulnerability in ElevationService

Vulnerability

Impact

Reproduction

Affected Products

Wondershare MobileTrans

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating