Wondershare UBackit Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A vulnerability exists in Wondershare UBackit version 2.0.5, where an unquoted service path in the 'wsbackup' service can be exploited by local users to execute arbitrary code with elevated privileges. The flaw allows injection of malicious executables that could be executed with LocalSystem rights during the service's startup.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of code with elevated system privileges, potentially allowing for significant changes to the system or access to sensitive information.
Reproduction
The vulnerability can be reproduced by creating a malicious executable and placing it in a location that will be accessed during the startup of the 'wsbackup' service'. The unquoted service path can be exploited to execute this malicious code with LocalSystem privileges.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.