Active Webcam 11.5 - Unquoted Service Path Site

Here’s a review of the in Active WebCam 11.5 (a common finding in security assessments). Vulnerability: Unquoted Service Path Software: Active WebCam 11.5 Affected component: Windows service (e.g., ActiveWebCamService ) Risk level: Medium (escalates to High if an attacker can write to a parent directory) Description The software installs a Windows service whose executable path contains spaces and is not enclosed in quotes . For example: