PT-2026-2394 · Htc · Vive Runtime Service

Faisal Alasmari

Publicado

2026-01-13

Atualizado

2026-01-15

CVE-2022-50918

CVSS v3.1

8.4

Alta

Vetor

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions VIVE Runtime Service version 1.0.0.4

Description The VIVE Runtime Service contains a flaw due to an unquoted service path. This allows local users to potentially execute arbitrary code with elevated system privileges. An attacker can exploit the unquoted binary path by placing malicious executables in specific system directories, gaining LocalSystem access during service startup.

Recommendations Ensure the service path is properly quoted to prevent unauthorized execution of arbitrary code.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-428

Identificadores relacionados

CVE-2022-50918

Produtos afetados

Vive Runtime Service

PT-2026-2394 · Htc · Vive Runtime Service

CVE-2022-50918

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6