Posts

Showing posts from July, 2017

Unquoted service path local privilege escalation CVE 2017-6005

Image
Waves MaxxAudit when installed adds a windows service with the name "WavesSysSvc". This service has a vulnerability known as Unquoted Service Path. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. Version tested on: