Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Microsoft Windows Unquoted Path Vulnerability

Information

Severity

Severity

Critical

Family

Family

Windows

CVSSv2 Base

CVSSv2 Base

9.3

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Workaround

Created

Created

6 years ago

Modified

Modified

5 years ago

Summary

The script tries to detect Windows 'Uninstall' registry entries and 'Services' using an unquoted path containing at least one whitespace.

Insight

Insight

If the path contains spaces and is not surrounded by quotation marks, the Windows API has to guess where to find the referenced program. If e.g. a service is using the following unquoted path: C:\Program Files\Folder\service.exe then a start of the service would first try to run: C:\Program.exe and if not found: C:\Program Files\Folder\service.exe afterwards. In this example the behavior allows a local attacker with low privileges and write permissions on C:\ to place a malicious Program.exe which is then executed on a service/host restart or during the uninstallation of a software. NOTE: Currently only 'Services' using an unquoted path are reported as a vulnerability. The 'Uninstall' vulnerability requires an Administrator / User to actively uninstall the affected software to trigger this vulnerability.

Affected Software

Affected Software

Windows software installing an 'Uninstall' registry entriy or 'Service' using an unquoted path containing at least one whitespace.

Solution

Solution

Either put the listed vulnerable paths in quotation by manually using the onboard Registry editor or contact your vendor to get an update for the specified software that fixes this vulnerability.