CVE-2019-25281

Name of the Vulnerable Software and Affected Versions NCP Secure Entry Client version 9.2

Description NCP Secure Entry Client 9.2 contains a flaw due to unquoted service paths in multiple Windows services. This allows local users to potentially execute arbitrary code. Specifically, attackers can exploit unquoted paths in services such as ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code. This code would then execute with LocalSystem privileges during service startup.

Recommendations Versions prior to 9.2 should be used. At the moment, there is no information about a newer version that contains a fix for this vulnerability.