CVE-2019-25287

Name of the Vulnerable Software and Affected Versions Adaware Web Companion version 4.8.2078.3950

Description Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService. This allows local users to potentially execute code with elevated privileges. An attacker can exploit the unquoted path located at C:Program Files (x86)LavasoftWeb CompanionApplication to inject malicious code. This injected code would execute with LocalSystem privileges during service startup.

Recommendations Update Adaware Web Companion to a version that addresses this issue. As a temporary workaround, restrict access to the vulnerable service WCAssistantService to minimize the risk of exploitation.