CVE-2019-25287
Unquoted Service Path in Adaware Web Companion Enables Privilege Escalation
Publication date: 2026-02-05
Last updated on: 2026-02-05
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lavasoft | web_companion | up to and including 4.8.2078.3950 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
AI Powered Q&A
Can you explain this vulnerability to me?
Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService. This means that the service executable path, which includes spaces, is not enclosed in quotes. Because of this, a local attacker can place malicious executables in directories along the service path. When the service starts, the system may execute the malicious code instead of the legitimate service executable.
This vulnerability allows local users to execute arbitrary code with elevated privileges, specifically with LocalSystem privileges, which is a very high level of access on the system.
How can this vulnerability impact me?
If exploited, this vulnerability allows a local attacker to run arbitrary code with LocalSystem privileges. This means the attacker can gain full control over the affected system, potentially installing malware, stealing sensitive data, modifying system configurations, or disrupting system availability.
Because the attack requires local access and the ability to write files to certain directories, it is primarily a local privilege escalation vulnerability. However, once exploited, the impact on confidentiality, integrity, and availability of the system is high.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service configuration for unquoted service paths, specifically for the 'WCAssistantService'.
Commands such as Windows Management Instrumentation Command-line (WMIC) and Service Control (sc) can be used to query the service details and confirm the unquoted path.
- Use WMIC to query the service path: wmic service where "name='WCAssistantService'" get PathName
- Use sc qc command to query the service configuration: sc qc WCAssistantService
If the executable path returned contains spaces and is not enclosed in quotes, the service is vulnerable to this unquoted service path issue. [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately ensure that the service executable path is properly quoted to prevent execution of malicious code.
Specifically, update the service configuration to enclose the executable path in double quotes, for example: "C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe".
Additionally, restrict write permissions on directories in the service path to prevent attackers from placing malicious executables.
If possible, update or patch Adaware Web Companion to a version that addresses this vulnerability. [1, 2]
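The detection and mitigation answers above can be combined into one offline check. This is an added example, not code from this page or from the vendor: it parses `sc qc` output, flags an unquoted path containing spaces, lists the directories whose write permissions need restricting, and builds the quoted path. The sample output is constructed from the path this page gives, and the function names are hypothetical.

```python
import ntpath
import re

# Constructed `sc qc` output (trimmed); the path is the one this page names, shown unquoted.
SAMPLE = r"""
SERVICE_NAME: WCAssistantService
        BINARY_PATH_NAME   : C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
        SERVICE_START_NAME : LocalSystem
"""

def binary_path(sc_output):
    """Return the BINARY_PATH_NAME value from `sc qc` output, or None."""
    m = re.search(r"^\s*BINARY_PATH_NAME[ \t]*:[ \t]*(.*?)[ \t]*$", sc_output, re.M)
    return m.group(1) if m else None

def split_command(path):
    """Split a service command line into (executable, arguments, was_quoted)."""
    if path.startswith('"'):
        exe, _, rest = path[1:].partition('"')
        return exe, rest.strip(), True
    # Unquoted: assume the executable ends at the first ".exe" (a heuristic).
    m = re.match(r"(.+?\.exe)(?=\s|$)(.*)", path, re.I)
    return (m.group(1), m.group(2).strip(), False) if m else (path, "", False)

def audit(sc_output):
    """Flag an unquoted path with spaces; list directories to lock down and the fix."""
    path = binary_path(sc_output)
    if path is None:
        return None
    exe, args, quoted = split_command(path)
    vulnerable = not quoted and " " in exe
    dirs = []
    if vulnerable:
        # Each space ends a prefix Windows may try as a program name; the folder
        # holding that prefix must not be writable by unprivileged users.
        for i, ch in enumerate(exe):
            if ch == " ":
                parent = ntpath.dirname(exe[:i])
                if parent not in dirs:
                    dirs.append(parent)
    fixed = f'"{exe}"' + (f" {args}" if args else "")
    return {"vulnerable": vulnerable, "restrict_write_on": dirs, "quoted_path": fixed}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feed it the saved output of sc qc for any service; a result with "vulnerable" set to False and an empty directory list means the path is already quoted or contains no spaces.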