Primary

Context

Cain and Abel Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in Cain & Abel version 4.9.56 due to an unquoted service path. This flaw allows local attackers to execute arbitrary code with elevated privileges. Exploitation involves injecting malicious executables into the unquoted binary path, which are then executed with LocalSystem permissions.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of arbitrary code with elevated privileges, allowing local attackers to gain higher access rights and potentially manipulate system functions or data.

Reproduction

The vulnerability can be reproduced by creating a service with an unquoted path that includes spaces. Once the service is started, any executable placed in the path can be executed with LocalSystem privileges.

Added: Jan 13, 2026, 11:59 PM

Updated: Jan 13, 2026, 11:59 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.6

remediation

0.0

relevance

2.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.6

remediation

0.0

relevance

2.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cain and Abel Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating