Unquoted Search Path Vulnerability in Microsoft AntiSpyware

CVE-2005-2935

Summary

A vulnerability exists in Microsoft AntiSpyware due to an unquoted Windows search path. This flaw allows local users to potentially execute arbitrary code by placing a malicious executable file at a specific path. When Microsoft AntiSpyware runs its main executable (AntiSpywareMain.exe), it might inadvertently execute a crafted c:\program.exe file as it looks for the gsasDtServ.exe service. This vulnerability can pose security risks, making it crucial for users to determine whether they are affected and apply necessary mitigations.

References