PTPublisher Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

A vulnerability exists in PTPublisher version 2.3.4 within the PTProtect service, where an unquoted service path can be exploited by local attackers. This flaw may lead to the execution of arbitrary code with elevated privileges. The vulnerability arises from the unquoted path to the UsbFlashDongleService.exe executable, located in the Program Files (x86) directory for Primera Technology. Exploitation involves injecting malicious executables into this path, potentially allowing attackers to gain system-level access.

Impact

Exploitation of this vulnerability could result in unauthorized execution of code with elevated privileges, potentially leading to a full system compromise.

Reproduction

The vulnerability can be reproduced by exploiting the unquoted service path of the PTProtect service. This can be done by injecting a malicious executable into the service path 'C:\Program Files (x86)\Primera Technology\PTPublisher\UsbFlashDongleService.exe'. Once the executable is injected, it can be executed with elevated privileges, taking advantage of the unquoted service path vulnerability.