Unquoted Service Path

A local attacker can exploit CVE-2016-20095, an unquoted service path vulnerability in Matrix42 Remote Control Host version 3.20.0031, to achieve arbitrary code execution with SYSTEM privileges by placing a malicious executable named 'Program.exe' in the 'C:\Program Files\' directory, leading to privilege escalation when the vulnerable service starts.

An unquoted service path vulnerability, CVE-2016-20089, in Iperius Remote version 1.7.0 allows a local attacker to execute arbitrary code with SYSTEM privileges by placing a malicious executable in a specific directory when the legitimate service path contains spaces, enabling privilege escalation upon service restart or system reboot.

A local exploit has been published for Lenovo LegionSpace 1.7.11.2, detailing an Unquoted Service Path vulnerability in the 'DAService', potentially leading to local privilege escalation.

VX Search 13.5.28 is vulnerable to an unquoted service path vulnerability (CVE-2021-47974) in both VX Search Server and VX Search Enterprise services, allowing local attackers to escalate privileges by placing malicious executables in unquoted path directories.

Kite 4.2.0.1 U1 contains an unquoted service path vulnerability (CVE-2020-37247) in the KiteService Windows service that allows local attackers to escalate privileges by placing a malicious executable in a directory due to the unquoted service path.

Advanced System Care Service 13.0.0.157 suffers from an unquoted service path vulnerability allowing local attackers to escalate privileges by placing a malicious executable in the system root path.

Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service, allowing local attackers to escalate privileges by placing malicious executables in the unquoted path directories, leading to arbitrary code execution with LocalSystem privileges.

Syncplify.me Server! version 5.0.37 contains an unquoted service path vulnerability (CVE-2020-37230) in the SMWebRestServicev5 service, allowing a local attacker to escalate privileges by placing a malicious executable in the service path.

OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service, allowing local attackers to escalate privileges by inserting executable files into the unquoted path.

IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service, allowing local attackers to escalate privileges to SYSTEM by placing a malicious executable in the service's path.

Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service (CVE-2021-47945), enabling local attackers to escalate privileges by placing a malicious executable in the Program Files directory to be executed as LocalSystem.

Sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by placing a malicious executable in the unquoted path, leading to arbitrary code execution as LocalSystem.

This rule detects potential exploitation of unquoted service path vulnerabilities, where adversaries may escalate privileges by placing a malicious executable in a higher-level directory within the path of an unquoted service executable.