Htc · Vive Runtime Service · CVE-2022-50918
**Name of the Vulnerable Software and Affected Versions**
VIVE Runtime Service version 1.0.0.4
**Description**
The VIVE Runtime Service contains a flaw due to an unquoted service path. This allows local users to potentially execute arbitrary code with elevated system privileges. An attacker can exploit the unquoted binary path by placing malicious executables in specific system directories, gaining LocalSystem access during service startup.
**Recommendations**
Ensure the service path is properly quoted to prevent unauthorized execution of arbitrary code.