top of page
perceptive_background_267k.jpg

Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService that allows local users to potentially exe…

Published:

4 February 2026 at 23:00:00

Alert date:

5 February 2026 at 15:04:32

Source:

nvd.nist.gov

Click to open the original link from this advisory

Operating Systems, Security Tools

CVE-2019-25287 affects Adaware Web Companion version 4.8.2078.3950 with an unquoted service path vulnerability in WCAssistantService. The vulnerability allows local users to execute code with elevated privileges by exploiting the unquoted path in C:\Program Files (x86)\Lavasoft\Web Companion\Application\. Attackers can inject malicious code that executes with LocalSystem privileges during service startup. This is a privilege escalation vulnerability that requires local access to exploit. The vulnerability enables attackers to gain system-level privileges on the affected machine.

Technical details

Mitigation steps:

Affected products:

Adaware Web Companion

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2019-25287
https://webcompanion.com/en/
https://www.exploit-db.com/exploits/47597
https://www.vulncheck.com/advisories/adaware-web-companion-version-wcassistantservice-unquoted-service-path

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page