CVE-2019-25274
Unknown Unknown - Not Provided
Unquoted Service Path in ProShow Producer Allows Local Code Execution

Publication date: 2026-02-05

Last updated on: 2026-02-05

Assigner: VulnCheck

Description
ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-05
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25274
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
photodex proshow_producer 9.0.3797
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2019-25274 is an unquoted service path vulnerability found in ProShow Producer version 9.0.3797, specifically in the ScsiAccess Windows service.'}, {'type': 'paragraph', 'content': "Because the service's binary path contains spaces and is not enclosed in quotes, a local attacker can exploit this by placing a malicious executable in a location that the system mistakenly interprets as the service executable path."}, {'type': 'paragraph', 'content': 'When the service starts, the malicious executable can be run with LocalSystem privileges, allowing the attacker to execute arbitrary code with elevated rights.'}] [1, 2]

Impact Analysis

This vulnerability can allow a local attacker to escalate their privileges by executing arbitrary code with LocalSystem privileges on the affected system.

Such elevated privileges can lead to full control over the system, including the ability to modify system files, install malware, or access sensitive data.

Because the attack requires local access, it primarily impacts users or attackers who already have some level of access to the machine.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by checking the service configuration for the ScsiAccess service to see if its binary path is unquoted and contains spaces. Specifically, you want to verify if the service path is something like: C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe without quotation marks.

On a Windows system, you can use the following command to check the binary path of the ScsiAccess service:

  • sc qc ScsiAccess

If the BINARY_PATH_NAME output shows an unquoted path with spaces, the system is vulnerable to this unquoted service path issue.

Additionally, you can manually inspect the service path in the Windows Registry under: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ScsiAccess

Mitigation Strategies

[{'type': 'paragraph', 'content': 'To mitigate this vulnerability, you should correct the unquoted service path by enclosing the binary path of the ScsiAccess service in quotation marks. This prevents the system from misinterpreting the path and executing malicious executables placed in intermediate directories.'}, {'type': 'paragraph', 'content': 'You can do this by editing the service configuration or the registry entry for the ScsiAccess service to ensure the binary path is quoted, for example:'}, {'type': 'list_item', 'content': '"C:\\Program Files\\Photodex\\ProShow Producer\\ScsiAccess.exe"'}, {'type': 'paragraph', 'content': 'After making this change, restart the service or reboot the system to apply the fix.'}, {'type': 'paragraph', 'content': 'Additionally, ensure that only trusted users have write permissions to the directories in the service path to prevent placing malicious executables.'}] [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25274. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart