| عنوان | Muse Group MuseHub 2.1.0.1567 Unquoted Search Path |
|---|
| الوصف | When a Windows service is configured with an executable path that contains spaces but the path is not quoted, Windows may search for and attempt to execute an executable at intermediate path segments. If one of those intermediate segments is writable by a low-privileged local user, an attacker can place an executable at that location which may be executed by the service on start or restart. In this case the service points to an unquoted path under C:\Program Files\... and evidence shows C:\Program is writable. That creates an unquoted service path vulnerability enabling local low-privileged users to achieve code execution under the service account when the service launches. |
|---|
| المصدر | ⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/Musehub.md |
|---|
| المستخدم | lakshay12311 (UID 91298) |
|---|
| ارسال | 02/11/2025 11:28 AM (6 أشهر منذ) |
|---|
| الاعتدال | 19/11/2025 05:52 PM (17 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 332977 [Muse Group MuseHub 2.1.0.1567 Windows Service Muse.Updater.exe تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|