Bios

**Name of the Vulnerable Software and Affected Versions** EaseUS Data Recovery version 15.1.0.0 **Description** EaseUS Data Recovery 15.1.0.0 has an issue with an unquoted service path in the EaseUS UPDATE SERVICE executable. This allows attackers to inject and execute malicious code with elevated LocalSystem privileges. The vulnerable path enables the execution of arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PTPublisher version 2.3.4 **Description** The software contains an unquoted service path vulnerability in the PTProtect service. This allows local attackers to potentially execute arbitrary code with elevated privileges. The vulnerable path is located at 'C:Program Files (x86)Primera TechnologyPTPublisherUsbFlashDongleService.exe'. Attackers can exploit this by injecting malicious executables through the unquoted path to gain system-level access. **Recommendations** Apply appropriate quoting to the service path to prevent unauthorized execution of files.