Samalucard

**Name of the Vulnerable Software and Affected Versions** EPSON Status Monitor 3 version 8.0 **Description** The EPSON Status Monitor 3 utility has a flaw due to an unquoted service path. This could allow local attackers to execute arbitrary code. The vulnerable service binary path is 'C:Program FilesCommon FilesEPSONEPW!3SSRPE S60RPB.EXE'. Attackers can exploit this unquoted path to inject malicious executables and potentially gain elevated privileges. **Recommendations** Update EPSON Status Monitor 3 to a version where the service path is properly quoted. As a temporary workaround, restrict access to the 'E S60RPB.EXE' file located in 'C:Program FilesCommon FilesEPSONEPW!3SSRP'.

**Name of the Vulnerable Software and Affected Versions** HTC IPTInstaller version 4.0.9 **Description** The software contains an unquoted service path vulnerability in the PassThru Service configuration. This allows attackers to inject and execute malicious code with elevated LocalSystem privileges by exploiting the unquoted binary path. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KMSpico version 17.1.0.0 **Description** KMSpico 17.1.0.0 has an unquoted service path issue in the Service KMSELDI configuration. This could allow local attackers to execute arbitrary code. The issue stems from an unquoted binary path located at 'C:Program FilesKMSpicoService KMS.exe', which enables attackers to inject malicious executables and potentially escalate privileges. **Recommendations** Apply updates to address the unquoted service path issue in the Service KMSELDI configuration. As a temporary workaround, restrict access to the 'C:Program FilesKMSpicoService KMS.exe' file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Magic Mouse 2 Utilities version 2.20 **Description** The software contains an unquoted service path vulnerability in its Windows service configuration. This allows attackers to inject malicious executables and gain elevated system privileges by placing a malicious file in the service path. **Recommendations** Ensure the service path is properly quoted to prevent the injection of malicious executables.

**Name of the Vulnerable Software and Affected Versions** Microvirt MEMU Play version 3.7.0 **Description** The software contains an unquoted service path issue in the MEmusvc Windows service. This allows local attackers to potentially execute arbitrary code by exploiting the unquoted binary path to inject malicious executables. Successful exploitation could result in the execution of these executables with elevated LocalSystem privileges. **Recommendations** Ensure the service path for MEmusvc is properly quoted to prevent the execution of unauthorized code.

**Name of the Vulnerable Software and Affected Versions** ActivIdentity version 8.2 **Description** The ac.sharedstore service contains an unquoted service path. This occurs when a service path contains spaces and is not enclosed in quotation marks, allowing local attackers to inject malicious executables into the directory 'C:Program FilesCommon FilesActivIdentity' to execute arbitrary code and escalate privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Connectify Hotspot 2018 **Description** Connectify Hotspot 2018 contains a flaw due to an unquoted service path in the ConnectifyService executable. This allows local attackers to potentially execute arbitrary code. The issue stems from the unquoted path 'C:Program Files (x86)ConnectifyConnectifyService.exe', which can be exploited to inject malicious executables and escalate privileges. **Recommendations** Apply updated security measures to properly quote the service path for the ConnectifyService executable.