Emmanuel Lujan

**Name of the Vulnerable Software and Affected Versions** Acer Global Registration Service versão 1.0.0.3 **Description** Existe um caminho de serviço não Aspasado na configuração do serviço. Usuários locais podem explorar o caminho não aspasado em 'C:Program Files (x86)AcerRegistration' para injetar executáveis maliciosos. Esses executáveis seriam executados com privilégios elevados de LocalSystem durante a inicialização do serviço, permitindo potencialmente a execução de código arbitrário. **Recommendations** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Acer ePowerSvc version 6.0.3008.0 **Description** The software contains an unquoted service path issue. This allows local users to potentially execute code with elevated system privileges. An attacker can exploit the unquoted path in the service configuration to inject malicious code. This code would then execute with LocalSystem permissions during service startup. **Recommendations** Apply appropriate quoting to the service path to prevent unauthorized code execution.

**Name of the Vulnerable Software and Affected Versions** Acer Updater Service version 1.2.3500.0 **Description** The Acer Updater Service contains a flaw due to an unquoted service path. This allows local users to potentially execute code with elevated system privileges. An attacker can exploit the unquoted path located in 'C:Program FilesAcerAcer Updater' by injecting malicious executables. These executables will then run with LocalSystem permissions when the service starts. **Recommendations** Apply appropriate quoting to the service path to prevent the execution of unauthorized code.

**Name of the Vulnerable Software and Affected Versions** Acer Backup Manager version 3.0.0.99 **Description** Acer Backup Manager version 3.0.0.99 has an issue with an unquoted service path in the NTI IScheduleSvc service. This could allow local users to execute arbitrary code. The unquoted path is located in C:Program Files (x86)NTIAcer Backup Manager. Exploiting this issue may allow attackers to inject malicious executables that run with elevated LocalSystem privileges. **Recommendations** Apply a fix to quote the service path for the NTI IScheduleSvc service.