Emmanuel Lujan

**Name of the Vulnerable Software and Affected Versions** Acer Global Registration Service version 1.0.0.3 **Description** An unquoted service path exists in the service configuration. Local users can exploit the unquoted path in 'C:Program Files (x86)AcerRegistration' to inject malicious executables. These executables would run with elevated LocalSystem privileges during service startup, potentially leading to arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Acer ePowerSvc version 6.0.3008.0 **Description** The software contains an unquoted service path issue. This allows local users to potentially execute code with elevated system privileges. An attacker can exploit the unquoted path in the service configuration to inject malicious code. This code would then execute with LocalSystem permissions during service startup. **Recommendations** Apply appropriate quoting to the service path to prevent unauthorized code execution.

**Name of the Vulnerable Software and Affected Versions** Acer Updater Service version 1.2.3500.0 **Description** The Acer Updater Service contains a flaw due to an unquoted service path. This allows local users to potentially execute code with elevated system privileges. An attacker can exploit the unquoted path located in 'C:Program FilesAcerAcer Updater' by injecting malicious executables. These executables will then run with LocalSystem permissions when the service starts. **Recommendations** Apply appropriate quoting to the service path to prevent the execution of unauthorized code.

**Name of the Vulnerable Software and Affected Versions** Acer Backup Manager version 3.0.0.99 **Description** Acer Backup Manager version 3.0.0.99 has an issue with an unquoted service path in the NTI IScheduleSvc service. This could allow local users to execute arbitrary code. The unquoted path is located in C:Program Files (x86)NTIAcer Backup Manager. Exploiting this issue may allow attackers to inject malicious executables that run with elevated LocalSystem privileges. **Recommendations** Apply a fix to quote the service path for the NTI IScheduleSvc service.