Executive Summary

This vulnerability is an unquoted service path issue in the 'OkiJaSvc' service of OKI Print Job Accounting version 4.4.10. Because the service path "C:\Program Files\Okidata\Print Job Accounting\" is not enclosed in quotes, Windows may incorrectly interpret the path and allow a local attacker to place malicious executables in certain locations within the path. When the service starts, it may execute these malicious files, enabling the attacker to run arbitrary code and escalate their privileges on the system. [1, 2]

Useful 0 Not Useful 0

Impact Analysis

If exploited, this vulnerability allows a local attacker with low privileges to execute arbitrary code with higher privileges, potentially leading to full system control. This can compromise the confidentiality, integrity, and availability of the affected system, as the attacker could install malware, alter data, or disrupt services. [1, 2]

Useful 0 Not Useful 0

Detection Guidance

You can detect this vulnerability by checking for unquoted service paths in the 'OkiJaSvc' service. Useful commands include: - `wmic service get name, displayname, pathname, startmode` filtered to show auto-start services with executable paths outside the Windows directory to identify unquoted paths. - `sc qc OkiJaSvc` to query the service configuration and confirm the binary path and start mode. These commands help identify if the service path is unquoted and vulnerable. [2]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include enclosing the service executable path in quotes to prevent path parsing issues, thereby blocking the ability to inject malicious executables. Additionally, restrict local access to trusted users only, as exploitation requires local access. If possible, update or patch the Print Job Accounting software to a version where this vulnerability is fixed. [1, 2]

Useful 0 Not Useful 0