Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService that allows local users to potentially exe…

CVE-2019-25287 affects Adaware Web Companion version 4.8.2078.3950 with an unquoted service path vulnerability in WCAssistantService. The vulnerability allows local users to execute code with elevated privileges by exploiting the unquoted path in C:\Program Files (x86)\Lavasoft\Web Companion\Application\. Attackers can inject malicious code that executes with LocalSystem privileges during service startup. This is a privilege escalation vulnerability that requires local access to exploit. The vulnerability enables attackers to gain system-level privileges on the affected machine.