Showing posts from July, 2017

Unquoted service path local privilege escalation CVE 2017-6005

Waves MaxxAudit when installed adds a windows service with the name "WavesSysSvc". This service has a vulnerability known as Unquoted Service Path.
This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.

Version tested on: