Birkan Alhan

**Name of the Vulnerable Software and Affected Versions** ActFax version 10.10 **Description** The software contains an unquoted service path vulnerability that may allow local attackers to escalate privileges. Specifically, the issue relates to the configuration of the ActiveFaxServiceNT service. Attackers possessing write permissions to Program Files directories can potentially inject a malicious ActSrvNT.exe executable. When the service restarts, this could grant the attacker elevated system access. **Recommendations** Ensure the service path for ActiveFaxServiceNT is properly quoted. Restrict write access to Program Files directories to authorized personnel only.