CVE-2019-25274

Name of the Vulnerable Software and Affected Versions ProShow Producer version 9.0.3797

Description The software contains an unquoted service path vulnerability within the ScsiAccess service. This allows local attackers to potentially execute arbitrary code. Exploitation involves leveraging the unquoted binary path to inject malicious executables. These executables will then run with LocalSystem privileges when the service starts.

Recommendations Apply appropriate quoting to the service path to prevent the execution of unauthorized code.