
CWE-428 (Unquoted Search Path or Element) — Vulnerability Class (296 CVEs)

296 vulnerabilities are classified as CWE-428 (Unquoted Search Path or Element). AI-generated Chinese-language analysis included.

CWE-428 is a path-resolution weakness: the program hands the operating system a search path or command line whose elements are not quoted even though they contain whitespace or other separators, so the parser cannot tell where the executable name ends and tries the shorter interpretations first. On Windows, CreateProcess resolves the unquoted "C:\Program Files\Foo\Bar" by trying C:\Program.exe before C:\Program Files\Foo\Bar.exe, and the same rule applies to a service's ImagePath, which is why every CVE in the table below is an "Unquoted Service Path". If the process performing the launch runs with higher privileges than the user who can write to one of those parent directories (a service running as LocalSystem is the usual case), that user obtains code execution at the service's privilege level. Exploitability therefore depends on two conditions together: a privileged caller and a directory along the path that a low-privileged user can write to. On a default Windows installation a standard user cannot create files in C:\ or under C:\Program Files, so most real findings involve vendor directories installed with loosened ACLs. The fix is to quote the executable path wherever it is stored or passed (service binPath, installer-written registry values, CreateProcess and WinExec command lines); where the path is built from untrusted input, validate and canonicalize that input before use so the operating system resolves the intended file and nothing else.

MITRE CWE Description
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.
Common Consequences (1)
Scope: Confidentiality, Integrity, Availability. Impact: Execute Unauthorized Code or Commands.
Mitigations (3)
Implementation: Properly quote the full search path before executing a program on the system.
Implementation: Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Implementation: Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Examples (1)
The following example demonstrates the weakness.
#include <windows.h>
UINT errCode = WinExec("C:\\Program Files\\Foo\\Bar", SW_SHOW); /* unquoted path with a space: C:\Program.exe is tried before the intended binary */
Bad · C
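The description and mitigations above are abstract; what a practitioner needs on a Windows host is a way to find services with this defect, see exactly which hijack paths CreateProcess would try, and quote the path. The script below is an added example written for this page, not code from the CWE entry or from any vendor listed in the table. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows, an elevated session for the repair step, and that service arguments begin with " -" or " /" (a heuristic used to separate the executable from its arguments, not an SCM rule). The service name 'ExampleSvc' in the commented usage line is a placeholder.

```powershell
# Added audit and remediation script for CWE-428 in Windows services. Not from
# the CWE entry or any vendor in the table. Assumes Windows PowerShell 5.1 or
# PowerShell 7 on Windows, an elevated session for Repair-ServicePath, and that
# arguments start with " -" or " /" (heuristic). 'ExampleSvc' is a placeholder.

function Get-HijackCandidate {
    # Reproduce the CreateProcess search order for an unquoted module path:
    # every space may terminate the module name, and ".exe" is appended when
    # the prefix has no extension. "C:\Program Files\Foo\Bar" therefore yields
    # C:\Program.exe first and the intended C:\Program Files\Foo\Bar.exe last.
    param([Parameter(Mandatory)][string]$Path)
    $prefixes = @()
    $idx = $Path.IndexOf(' ')
    while ($idx -ge 0) {
        $prefixes += $Path.Substring(0, $idx)
        $idx = $Path.IndexOf(' ', $idx + 1)
    }
    $prefixes += $Path
    foreach ($p in $prefixes) {
        if ($p.Split('\')[-1] -match '\.') { $p } else { "$p.exe" }
    }
}

function Get-WritePrincipal {
    # Identities allowed to create or modify files in the directory a hijack
    # binary would have to be dropped into. ACEs carrying generic rights show
    # up as raw integers and are not matched here; inspect those with icacls.
    param([Parameter(Mandatory)][string]$Candidate)
    $dir = Split-Path -Path $Candidate -Parent
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { return @() }
    try { $acl = Get-Acl -LiteralPath $dir -ErrorAction Stop } catch { return @('(ACL not readable)') }
    @($acl.Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.FileSystemRights.ToString() -match '\bWrite\b|WriteData|CreateFiles|Modify|FullControl'
        } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique)
}

function Get-UnquotedServicePath {
    # One row per hijack candidate for every service whose binary path is
    # unquoted yet contains a space inside the executable portion. Binaries
    # under \Windows\ are skipped: those directories are not user-writable by
    # default and only add noise.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -and $_.PathName -notmatch '^\s*"' } |
        ForEach-Object {
            $svc = $_
            $exe = ($svc.PathName -split ' -| /')[0].Trim()   # drop "-arg" / "/arg" switches
            if ($exe -match ' ' -and $exe -notmatch '^[A-Za-z]:\\Windows\\') {
                foreach ($cand in (Get-HijackCandidate -Path $exe)) {
                    [pscustomobject]@{
                        Service   = $svc.Name
                        RunsAs    = $svc.StartName
                        PathName  = $svc.PathName
                        Candidate = $cand
                        Writable  = (Get-WritePrincipal -Candidate $cand) -join ', '
                    }
                }
            }
        }
}

function Repair-ServicePath {
    # Quote only the executable portion of ImagePath (arguments stay outside
    # the quotes) by rewriting the registry value the SCM reads at next start.
    # Same effect as "sc.exe config <name> binPath= ..." without sc.exe's
    # quote-escaping pitfalls. Requires an elevated session.
    param([Parameter(Mandatory)][string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    # Read the raw value so %ProgramFiles%-style references are preserved.
    $current = (Get-Item -LiteralPath $key).GetValue('ImagePath', $null, 'DoNotExpandEnvironmentNames')
    if (-not $current) { throw "Service $Name has no ImagePath" }
    if ($current -match '^\s*"') { return $current }   # already quoted, nothing to do
    $exe = ($current -split ' -| /')[0].Trim()
    if (-not (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($exe)))) {
        throw "Refusing to quote '$exe' for service $Name because that file does not exist; check the argument split"
    }
    $tail  = $current.Substring($current.IndexOf($exe) + $exe.Length)
    $fixed = "`"$exe`"$tail"
    Set-ItemProperty -LiteralPath $key -Name ImagePath -Value $fixed -Type ExpandString
    return $fixed
}

Get-UnquotedServicePath | Format-Table -AutoSize
# Repair-ServicePath -Name 'ExampleSvc'   # placeholder; run elevated, then restart the service
```

Read the output as a pair of columns: a row whose RunsAs is LocalSystem (or another privileged account) and whose Writable column names a non-administrative identity such as Users, Authenticated Users or Everyone is the exploitable combination. The first candidates for a path under C:\Program Files sit in C:\ itself, which standard users cannot write files to by default, so the findings that matter in practice are usually the later candidates inside the vendor's own directory. Quoting the registry value fixes the running system, but the installer that wrote the unquoted value will write it again on upgrade, so the vendor fix (or a post-install script) is what makes the change stick.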
CVE ID | Title | CVSS | Severity | Published
CVE-2020-36952 | IObit Uninstaller 10 Pro - Unquoted Service Path — IObit Uninstaller | 7.8 | High | 2026-01-26
CVE-2020-36937 | MEMU PLAY 3.7.0 - 'MEmusvc' Unquoted Service Path — MEMU PLAY | 7.8 | High | 2026-01-25
CVE-2020-36936 | Magic Mouse 2 utilities 2.20 - 'magicmouse2service' Unquoted Service Path — Magic Mouse 2 utilities | 7.8 | High | 2026-01-25
CVE-2020-36935 | KMSpico 17.1.0.0 - 'Service KMSELDI' Unquoted Service Path — Service KMSELDI | 7.8 | High | 2026-01-25
CVE-2020-36934 | Deep Instinct Windows Agent 1.2.24.0 - 'DeepNetworkService' Unquoted Service Path — Deep Instinct Windows Agent | 7.8 | High | 2026-01-25
CVE-2020-36933 | IPTInstaller 4.0.9 - 'PassThru Service' Unquoted Service Path — IPTInstaller | 7.8 | High | 2026-01-25
CVE-2021-47898 | Epson USB Display 1.6.0.0 Unquoted Service Path Vulnerability — Epson USB Display | 7.8 | High | 2026-01-23
CVE-2021-47896 | PDFCOMPLETE Corporate Edition 4.1.45 - 'pdfcDispatcher' Unquoted Service Path — PDFCOMPLETE Corporate Edition | 7.8 | High | 2026-01-23
CVE-2021-47890 | LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path — LogonExpert | 7.8 | High | 2026-01-23
CVE-2021-47889 | Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path — LAN Messenger | 7.8 | High | 2026-01-23
CVE-2021-47886 | Pingzapper 2.3.1 - 'PingzapperSvc' Unquoted Service Path — Pingzapper | 7.8 | High | 2026-01-21
CVE-2021-47887 | Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path — Print Job Accounting | 7.8 | High | 2026-01-21
CVE-2021-47884 | Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path — Configuration Tool | 7.8 | High | 2026-01-21
CVE-2021-47883 | Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path — Sandboxie Plus | 7.8 | High | 2026-01-21
CVE-2021-47882 | FreeLAN 2.2 - 'FreeLAN Service' Unquoted Service Path — FreeLAN | 7.8 | High | 2026-01-21
CVE-2021-47880 | Realtek Wireless LAN Utility 700.1631 - 'Realtek11nSU' Unquoted Service Path — Realtek Wireless LAN Utility | 7.8 | High | 2026-01-21
CVE-2021-47879 | eBeam Interactive Suite 3.6 - 'eBeam Stylus Driver' Unquoted Service Path — eBeam Interactive Suite | 7.8 | High | 2026-01-21
CVE-2021-47878 | eBeam Education Suite 2.5.0.9 - 'eBeam Device Service' Unquoted Service Path — eBeam Education Suite | 7.8 | High | 2026-01-21
CVE-2021-47874 | VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path — VFS for Git | 7.8 | High | 2026-01-21
CVE-2021-47868 | WIN-PACK PRO 4.8 - 'WPCommandFileService' Unquoted Service Path — WIN-PACK PRO | 7.8 | High | 2026-01-21
CVE-2021-47869 | BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path — BRAdmin Professional | 7.8 | High | 2026-01-21
CVE-2021-47866 | WIN-PACK PRO 4.8 - 'GuardTourService' Unquoted Service Path — WIN-PACK PRO | 7.8 | High | 2026-01-21
CVE-2021-47867 | WIN-PACK PRO 4.8 - 'ScheduleService' Unquoted Service Path — Winpakpro | 7.8 | High | 2026-01-21
CVE-2021-47864 | OSAS Traverse Extension 11 - 'travextensionhostsvc' Unquoted Service Path — OSAS Traverse Extension | 7.8 | High | 2026-01-21
CVE-2021-47863 | MacPaw Encrypto 1.0.1 - 'Encrypto Service' Unquoted Service Path — Encrypto | 7.8 | High | 2026-01-21
CVE-2021-47862 | Hi-Rez Studios 5.1.6.3 - 'HiPatchService' Unquoted Service Path — HiPatchService | 7.8 | High | 2026-01-21
CVE-2021-47861 | Event Log Explorer 4.9.3 - 'ElodeaEventCollectorService' Unquoted Service Path — Event Log Explorer | 7.8 | High | 2026-01-21
CVE-2021-47859 | ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path — ActivIdentity | 7.8 | High | 2026-01-21
CVE-2021-47847 | Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path — Disk Sorter Server | 7.8 | High | 2026-01-16
CVE-2021-47845 | Spy Emergency 25.0.650 - Unquoted Service Path — Spy Emergency | 7.8 | High | 2026-01-16

296 CVEs are classified as CWE-428 (Unquoted Search Path or Element); the table above lists 30 of them. The CWE taxonomy describes the weakness in general; review each CVE for the affected product, the account the service runs as, and whether the directories along its path are writable, since those determine the real-world impact.