PT-2025-41386 · Lavasoft · Lavasoft Web Companion
Marco Montella
+1
·
Published
2025-10-09
·
Updated
2025-10-09
·
CVE-2025-45095
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Lavasoft Web Companion versions 8.9.0.1091 through 12.1.3.1037
Description
Lavasoft Web Companion (also known as Ad-Aware WebCompanion) installs the
DCIService.exe service with an unquoted service path. An attacker with write access to the file system could potentially execute arbitrary code with elevated privileges by placing a malicious executable in the unquoted path.Recommendations
Update Lavasoft Web Companion to a version later than 12.1.3.1037.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lavasoft Web Companion