Description
Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the service restarts or the system reboots.
Problem types
Unquoted Search Path or Element
Product status
Credits
Mario Rodriguez
References
www.exploit-db.com/exploits/47637 (ExploitDB-47637)
www.alps.com/e/ (Official Alps Homepage)
www.vulncheck.com/...hidmonitorservice-unquoted-service-path (VulnCheck Advisory: Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path)