Product
An unquoted service path vulnerability, CVE-2016-20089, in Iperius Remote version 1.7.0 allows a local attacker to execute arbitrary code with SYSTEM privileges by placing a malicious executable in a specific directory when the legitimate service path contains spaces, enabling privilege escalation upon service restart or system reboot.