Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Microsoft Windows Unquoted Path Vulnerability
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The script tries to detect Windows 'Uninstall' registry entries and 'Services' using an unquoted path containing at least one whitespace.
Insight
Insight
If the path contains spaces and is not surrounded by quotation marks, the Windows API has to guess where to find the referenced program. If e.g. a service is using the following unquoted path: C:\Program Files\Folder\service.exe then a start of the service would first try to run: C:\Program.exe and if not found: C:\Program Files\Folder\service.exe afterwards. In this example the behavior allows a local attacker with low privileges and write permissions on C:\ to place a malicious Program.exe which is then executed on a service/host restart or during the uninstallation of a software. NOTE: Currently only 'Services' using an unquoted path are reported as a vulnerability. The 'Uninstall' vulnerability requires an Administrator / User to actively uninstall the affected software to trigger this vulnerability.
Affected Software
Affected Software
Windows software installing an 'Uninstall' registry entriy or 'Service' using an unquoted path containing at least one whitespace.
Solution
Solution
Either put the listed vulnerable paths in quotation by manually using the onboard Registry editor or contact your vendor to get an update for the specified software that fixes this vulnerability.
Common Vulnerabilities and Exposures (CVE)
- CVE-2013-1609
- CVE-2014-0759
- CVE-2014-5455
- CVE-2018-6321
- CVE-2018-6016
- CVE-2018-6384
- CVE-2017-14019
- CVE-2016-6803
- CVE-2017-12730
- CVE-2017-9644
- CVE-2017-9247
- CVE-2017-3005
- CVE-2017-5873
- CVE-2016-8769
- CVE-2016-9356
- CVE-2016-7165
- CVE-2012-4350
- CVE-2013-1092
- CVE-2013-2176
- CVE-2013-1610
- CVE-2013-2231
- CVE-2013-6182
- CVE-2013-2151
- CVE-2013-2152
- CVE-2013-5011
- CVE-2009-2761
- CVE-2014-4634
- CVE-2015-0884
- CVE-2015-2789
- CVE-2015-1484
- CVE-2015-3987
- CVE-2015-4173
- CVE-2014-9646
- CVE-2015-7866
- CVE-2015-8156
- CVE-2016-4158
- CVE-2016-5793
- CVE-2016-6935
- CVE-2017-1000475
- CVE-2017-14030
- CVE-2017-15383
- CVE-2017-3757
- CVE-2017-3756
- CVE-2017-3751
- CVE-2017-6005
- CVE-2017-7180
- CVE-2016-8225
- CVE-2016-8102
- CVE-2016-3161
- CVE-2016-5852
- CVE-2013-0513
- CVE-2018-2406
- CVE-2018-5470
- CVE-2015-8988
- CVE-2018-0594
- CVE-2018-0595