Key vulnerability information

CVE:
Title: Unquoted Service Path -> Local Privilege Escalation (CWE-428)

Summary

The Windows service is registered with an unquoted ImagePath:

Because the path contains spaces and is not quoted, the Windows service loader may attempt to resolve and execute an executable from an earlier path token. If the directory holding one of those intermediate tokens is writable by a non-privileged local user, that user can place a binary there that is executed with the service's privileges (the service runs as LocalSystem), resulting in local privilege escalation and potential full system compromise.

Severity

High
CWE: CWE-428 (Unquoted Search Path or Element)
Suggested CVSS v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Product / Version

Product / Service: Hasleo Backup Suite, service HasleoBackupSuiteService
Detected ImagePath:
Service Account: LocalSystem (high privilege)

Vulnerability Details

When a service ImagePath is unquoted and contains spaces, Windows may split the path at each space and look for an executable at every earlier path token before reaching the intended binary. If one of those earlier tokens corresponds to a location writable by an unprivileged user, an attacker can place an executable at that location; starting or restarting the service may then run that executable under the service account. This is a configuration/installer issue and is fixed by quoting the ImagePath and enforcing secure ACLs on the directories along the service binary's path.

Proof-of-Concept

Identify the service ImagePath:

Impact

Local unprivileged user + writable early path token -> execution as LocalSystem -> full system compromise (persistence, credential theft, tampering, lateral movement).

References

https://cwe.mitre.org/data/definitions/428.html
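To make the token-splitting behaviour described above concrete for auditing, here is an added example (not part of the advisory and not the vendor's code) that lists the executables the loader may try for a given ImagePath, the directories whose ACLs must therefore be checked, and the quoted remediation. The sample ImagePath is constructed; the advisory's real value is not reproduced.

```python
"""Audit a Windows service ImagePath for CWE-428 (unquoted search path)."""
import ntpath


def exe_candidates(image_path: str) -> list[str]:
    """Executables the service loader may try, in the order it tries them.

    A quoted ImagePath names exactly one binary. An unquoted one containing
    spaces is split at each space and every prefix (with .exe appended) is
    tried before the intended binary is reached.
    """
    p = image_path.strip()
    if p.startswith('"'):
        end = p.find('"', 1)
        return [p[1:end] if end > 0 else p[1:]]
    tokens = p.split(" ")
    candidates = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if prefix.lower().endswith(".exe"):
            candidates.append(prefix)
            break  # the real binary; anything after it is arguments
        candidates.append(prefix + ".exe")
    return candidates


def hijack_dirs(image_path: str) -> list[str]:
    """Directories that must not be writable by unprivileged users: each one
    would host an earlier-token candidate that shadows the real binary."""
    return [ntpath.dirname(c) for c in exe_candidates(image_path)[:-1]]


def quote_image_path(image_path: str) -> str:
    """Remediated ImagePath: binary in double quotes, arguments preserved."""
    p = image_path.strip()
    if p.startswith('"'):
        return p
    tokens = p.split(" ")
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if prefix.lower().endswith(".exe"):
            return f'"{prefix}"{p[len(prefix):]}'
    return f'"{p}"'


if __name__ == "__main__":
    # Constructed sample path, not the advisory's real ImagePath.
    sample = r"C:\Program Files\Example Vendor\Backup Service\svc.exe -service"
    for c in exe_candidates(sample):
        print("loader may try:", c)
    print("audit ACLs on:", hijack_dirs(sample))
    # Apply with: sc config <ServiceName> binPath= "<quoted path>"
    print("fixed ImagePath:", quote_image_path(sample))
```

A quoted path or a path without spaces yields an empty audit list, which is the expected state after remediation.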