Lavasoft · Lavasoft Web Companion · CVE-2025-45095
**Name of the Vulnerable Software and Affected Versions**
Lavasoft Web Companion versions 8.9.0.1091 through 12.1.3.1037
**Description**
Lavasoft Web Companion (also known as Ad-Aware WebCompanion) installs the `DCIService.exe` service with an unquoted service path. An attacker with write access to the file system could potentially execute arbitrary code with elevated privileges by placing a malicious executable in the unquoted path.
**Recommendations**
Update Lavasoft Web Companion to a version later than 12.1.3.1037.
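
The following is an added example, not code from the advisory or from Lavasoft: a PowerShell audit that lists services whose image path is unquoted and contains a space, which is the condition described above for `DCIService.exe`. The function name `Test-UnquotedServicePath` is hypothetical and the sample paths in the self-check are constructed, because the advisory does not give the installed path.

```powershell
# Added example: audit Windows services for unquoted image paths.
# "DCIService" comes from the advisory; every path below is a constructed sample.

function Test-UnquotedServicePath {
    param([string]$PathName)

    $path = $PathName.Trim()

    # Empty entries and paths that already start with a double quote are fine.
    if ($path.Length -eq 0 -or $path.StartsWith('"')) { return $false }

    # Executable portion: shortest prefix ending in ".exe", followed by
    # whitespace (arguments) or end of string.
    $m = [regex]::Match($path, '^(.+?\.exe)(\s|$)', 'IgnoreCase')

    # Kernel drivers (.sys) and other non-.exe entries are out of scope here.
    if (-not $m.Success) { return $false }

    # Unquoted plus a space in the executable portion is the ambiguous case.
    return $m.Groups[1].Value.Contains(' ')
}

# Self-check on constructed samples: path -> expected result.
$samples = [ordered]@{
    'C:\Program Files\Example Vendor\svc.exe'        = $true
    'C:\Program Files\Example Vendor\svc.exe -run'   = $true
    '"C:\Program Files\Example Vendor\svc.exe" -run' = $false
    'C:\Windows\System32\svchost.exe -k netsvcs'     = $false
}
foreach ($s in $samples.GetEnumerator()) {
    if ((Test-UnquotedServicePath $s.Key) -ne $s.Value) {
        throw "Self-check failed for: $($s.Key)"
    }
}

# Live audit: list every service on this host with an unquoted path.
# StartName shows the account the service runs as.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    Sort-Object Name |
    Select-Object Name, StartName, State, PathName |
    Format-Table -AutoSize -Wrap
```

A row named `DCIService` in the output means the host still has the unquoted path; rerun the audit after updating to confirm the entry is gone or quoted.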