Alps Electric · Alps Pointing-Device Controller · CVE-2019-25285
**Name of the Vulnerable Software and Affected Versions**
Alps Pointing-device Controller version 8.1202.1711.04
**Description**
The Alps Pointing-device Controller version 8.1202.1711.04 contains an unquoted service path vulnerability in the `ApHidMonitorService`. This allows local attackers to execute code with elevated privileges. An attacker can place a malicious executable in the service path and gain system-level access when the service restarts or the system reboots.
**Recommendations**
Apply appropriate quoting to the service path to prevent unauthorized execution of files.