CVE-2019-25266
Unquoted Service Path in Wondershare Framework Enables Privilege Escalation
Publication date: 2026-02-06
Last updated on: 2026-02-06
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wondershare | application_framework_service | 2.4.3.231 |
| wondershare | dr_fone | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2019-25266 is an unquoted service path vulnerability found in Wondershare Application Framework Service version 2.4.3.231. This vulnerability occurs because the service executable path contains spaces but is not enclosed in quotes, which causes Windows to misinterpret the path.'}, {'type': 'paragraph', 'content': "Local attackers with limited privileges can exploit this by placing malicious executables in specific directory locations within the service's path. When the service starts, it may execute these malicious files instead of the intended executable, allowing the attacker to run arbitrary code with elevated privileges."}] [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to privilege escalation on affected systems. An attacker with local access and limited privileges can exploit the unquoted service path to execute arbitrary code with elevated (SYSTEM) privileges.
The impact includes full compromise of confidentiality, integrity, and availability of the affected system, as the attacker can run code with high-level permissions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the Wondershare Application Framework Service (WsAppService) executable path is unquoted and contains spaces. Specifically, you should verify the service executable path for missing quotation marks around paths with spaces.
On a Windows system, you can use the following command to check the service path:
- sc qc WsAppService
Review the output for the BINARY_PATH_NAME field. If the path contains spaces and is not enclosed in quotes, the service is vulnerable to this unquoted service path issue.
Additionally, you can manually inspect the service executable path in the Windows Registry under: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WsAppService
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'To mitigate this vulnerability, immediately update the service executable path to include quotation marks around the entire path if it contains spaces. This prevents Windows from misinterpreting the path and executing malicious files.'}, {'type': 'paragraph', 'content': 'You can fix the unquoted service path by editing the service configuration using the following command with administrative privileges:'}, {'type': 'list_item', 'content': 'sc config WsAppService binPath= """C:\\Program Files (x86)\\Wondershare\\WAF\\2.4.3.231\\WsAppService.exe"""'}, {'type': 'paragraph', 'content': 'Alternatively, update or patch the Wondershare Application Framework Service to a version where this vulnerability is fixed.'}, {'type': 'paragraph', 'content': 'As an immediate protective measure, ensure that no untrusted executables exist in directories that could be interpreted as part of the service path.'}] [1, 2]