Samalucard

**Name of the Vulnerable Software and Affected Versions** EPSON Status Monitor 3 version 8.0 **Description** The EPSON Status Monitor 3 utility has a flaw due to an unquoted service path. This could allow local attackers to execute arbitrary code. The vulnerable service binary path is 'C:Program FilesCommon FilesEPSONEPW!3SSRPE S60RPB.EXE'. Attackers can exploit this unquoted path to inject malicious executables and potentially gain elevated privileges. **Recommendations** Update EPSON Status Monitor 3 to a version where the service path is properly quoted. As a temporary workaround, restrict access to the 'E S60RPB.EXE' file located in 'C:Program FilesCommon FilesEPSONEPW!3SSRP'.

**Name of the Vulnerable Software and Affected Versions** HTC IPTInstaller version 4.0.9 **Description** The software contains an unquoted service path vulnerability in the PassThru Service configuration. This allows attackers to inject and execute malicious code with elevated LocalSystem privileges by exploiting the unquoted binary path. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KMSpico version 17.1.0.0 **Description** KMSpico 17.1.0.0 has an unquoted service path issue in the Service KMSELDI configuration. This could allow local attackers to execute arbitrary code. The issue stems from an unquoted binary path located at 'C:Program FilesKMSpicoService KMS.exe', which enables attackers to inject malicious executables and potentially escalate privileges. **Recommendations** Apply updates to address the unquoted service path issue in the Service KMSELDI configuration. As a temporary workaround, restrict access to the 'C:Program FilesKMSpicoService KMS.exe' file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Magic Mouse 2 Utilities version 2.20 **Description** The software contains an unquoted service path vulnerability in its Windows service configuration. This allows attackers to inject malicious executables and gain elevated system privileges by placing a malicious file in the service path. **Recommendations** Ensure the service path is properly quoted to prevent the injection of malicious executables.

**Name of the Vulnerable Software and Affected Versions** Microvirt MEMU Play version 3.7.0 **Description** The software contains an unquoted service path issue in the MEmusvc Windows service. This allows local attackers to potentially execute arbitrary code by exploiting the unquoted binary path to inject malicious executables. Successful exploitation could result in the execution of these executables with elevated LocalSystem privileges. **Recommendations** Ensure the service path for MEmusvc is properly quoted to prevent the execution of unauthorized code.

**Name of the Vulnerable Software and Affected Versions** ActivIdentity versão 8.2 **Description** O serviço ac.sharedstore contém uma vulnerabilidade de caminho de serviço não Aspas. Isso ocorre quando um caminho de serviço contém espaços e não está delimitado por aspas, permitindo que atacantes locais injetem executáveis maliciosos no diretório 'C:Program FilesCommon FilesActivIdentity' para executar código arbitrário e escalar privilégios. **Recommendations** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Connectify Hotspot 2018 **Description** Connectify Hotspot 2018 contains a flaw due to an unquoted service path in the ConnectifyService executable. This allows local attackers to potentially execute arbitrary code. The issue stems from the unquoted path 'C:Program Files (x86)ConnectifyConnectifyService.exe', which can be exploited to inject malicious executables and escalate privileges. **Recommendations** Apply updated security measures to properly quote the service path for the ConnectifyService executable.