Julio Aviña

**Name of the Vulnerable Software and Affected Versions** OKI sPSV Port Manager version 1.0.41 **Description** An unquoted service path issue exists in the `sPSVOpLclSrv` service. This allows local attackers to escalate privileges by placing a malicious executable file within the unquoted directory path. The malicious file will then execute with LocalSystem privileges upon service restart or system reboot. **Recommendations** For version 1.0.41, ensure the service path for `sPSVOpLclSrv` is properly quoted or restrict write permissions to the directories within the service path to prevent unauthorized executable placement.

**Name of the Vulnerable Software and Affected Versions** Syncplify.me Server! version 5.0.37 **Description** The SMWebRestServicev5 service contains an unquoted service path, which occurs when a service executable path contains spaces and is not enclosed in quotation marks. This allows local attackers to escalate privileges by inserting a malicious executable into the service path, which then executes with LocalSystem privileges upon service restart or system reboot. **Recommendations** For version 5.0.37, ensure the service path for SMWebRestServicev5 is properly quoted in the system registry to prevent the execution of unauthorized binaries.

**Name of the Vulnerable Software and Affected Versions** iFunbox version 4.2 **Description** iFunbox 4.2 contains a flaw related to an unquoted service path within the Apple Mobile Device Service. This allows local attackers to potentially execute code with elevated privileges. Specifically, attackers can place a malicious executable within the unquoted service path, which then runs with LocalSystem privileges upon service restart. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wise Care 365 version 5.6.7.568 **Description** The software contains an unquoted service path vulnerability within the WiseBootAssistant service, which operates with LocalSystem privileges. An attacker can leverage this by placing a malicious executable within the service path. Upon service restart, this executable will run with elevated system privileges. **Recommendations** Apply appropriate quoting to the service path to prevent unauthorized execution of malicious files.

**Name of the Vulnerable Software and Affected Versions** VSO ConvertXtoDvd version 7.0.0.83 **Description** A critical vulnerability was found in the library avcodec.dll of the file ConvertXtoDvd.exe, affecting an unknown function. The manipulation leads to an uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** As a temporary workaround, consider restricting access to the library avcodec.dll to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.