CVE-2017-6005

EUVD-2017-15073
Waves MaxxAudio, as installed on Dell laptops, adds a "WavesSysSvc" Windows service with File Version 1.1.6.0. This service has a vulnerability known as Unquoted Service Path. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
wavesmaxxaudio
1.1.6.0
𝑥
= Vulnerable software versions
References
http://justpentest.blogspot.in/2017/07/dell-unquoted-service-path-local.html
http://justpentest.blogspot.in/2017/07/dell-unquoted-service-path-local.html