VYPR

CWE-428

Unquoted Search Path or Element

BaseDraft

Description

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (233)

page 6 of 12
  • CVE-2020-36982HigJan 27, 2026
    risk 0.51cvss 7.8epss 0.00

    Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperService.exe service that allows local users to potentially inject malicious code. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with…

  • CVE-2020-36981HigJan 27, 2026
    risk 0.51cvss 7.8epss 0.00

    Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in ForwardDaemon.exe to inject malicious code that will execute with elevated…

  • CVE-2020-36980HigJan 27, 2026
    risk 0.51cvss 7.8epss 0.00

    SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted executable path to inject malicious files in the service binary…

  • CVE-2020-36979HigJan 27, 2026
    risk 0.51cvss 7.8epss 0.00

    Atheros Coex Service Application 8.0.0.255 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path by placing malicious executables in the service path to gain elevated system privileges during service startup.

  • CVE-2020-36977HigJan 27, 2026
    risk 0.51cvss 7.8epss 0.00

    Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can exploit the unquoted path to replace the service binary with a malicious…

  • CVE-2020-36976HigJan 27, 2026
    risk 0.51cvss 7.8epss 0.00

    Acer Global Registration Service 1.0.0.3 contains an unquoted service path vulnerability in its service configuration that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Acer\Registration\ to inject…

  • CVE-2020-36975HigJan 27, 2026
    risk 0.51cvss 7.8epss 0.00

    EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can leverage the unquoted path in 'C:\Program Files\Common…

  • CVE-2020-36974HigJan 27, 2026
    risk 0.51cvss 7.8epss 0.00

    Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files\IDT\WDM\AESTSr64.exe' to inject…

  • CVE-2020-36959HigJan 26, 2026
    risk 0.51cvss 7.8epss 0.00

    IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the STacSV service to inject malicious code that would execute with…

  • CVE-2020-36958HigJan 26, 2026
    risk 0.51cvss 7.8epss 0.00

    Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Kite\KiteService.exe' to inject malicious…

  • CVE-2020-36957HigJan 26, 2026
    risk 0.51cvss 7.8epss 0.00

    PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.

  • CVE-2020-36953HigJan 26, 2026
    risk 0.51cvss 7.8epss 0.00

    MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject…

  • CVE-2020-36952HigJan 26, 2026
    risk 0.51cvss 7.8epss 0.00

    IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would…

  • CVE-2020-36937HigJan 25, 2026
    risk 0.51cvss 7.8epss 0.00

    Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with…

  • CVE-2020-36936HigJan 25, 2026
    risk 0.51cvss 7.8epss 0.00

    Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to inject malicious executables and gain elevated system privileges by placing a malicious file in the service path.

  • CVE-2020-36935HigJan 25, 2026
    risk 0.51cvss 7.8epss 0.00

    KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\KMSpico\Service_KMS.exe to inject malicious…

  • CVE-2020-36934HigJan 25, 2026
    risk 0.51cvss 7.8epss 0.00

    Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure…

  • CVE-2020-36933HigJan 25, 2026
    risk 0.51cvss 7.8epss 0.00

    HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges.

  • CVE-2021-47898HigJan 23, 2026
    risk 0.51cvss 7.8epss 0.00

    Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access.

  • CVE-2021-47896HigJan 23, 2026
    risk 0.51cvss 7.8epss 0.00

    PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDispatcher service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service binary location to inject malicious…