USB Flash Drives Control Unquoted Service Path Privilege Escalation Vulnerability

A privilege escalation vulnerability has been identified in USB Flash Drives Control version 4.1.0.0, due to an unquoted service path in the application's service configuration. This flaw allows local attackers to execute arbitrary code by exploiting the unquoted path in 'C:\Program Files\USB Flash Drives Control\usbcs.exe'. Attackers can inject malicious executables, potentially leading to elevated privileges on Windows systems.

Impact

Exploitation of this vulnerability could allow local attackers to execute arbitrary code with elevated privileges.

Reproduction

The vulnerability can be reproduced by injecting a malicious executable into the unquoted service path of the USB Flash Drives Control application. This can be done by exploiting the service configuration that fails to properly quote the path to the application's executable.