Description
Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be executed with elevated privileges during service startup or system reboot.
Published: 2026-06-19
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that affects installations in a directory whose path contains spaces. When the service starts or the system reboots, the Windows Service Manager resolves the unquoted path by treating each space as a possible end of the executable name, so it searches for an executable at each component of the path before reaching the intended binary. An attacker can place a malicious executable with a name that matches one of the path components, which will then be launched with SYSTEM privileges, giving the attacker full control over the affected machine.

Affected Systems

The vulnerability applies to Iperius Remote version 1.7.0. No other versions are listed in the CNA data, so all installations of version 1.7.0 are implicated.

Risk and Exploitability

The CVSS score of 8.5 indicates high severity. Exploitation requires local attacker privileges and the ability to write files to the service installation directory. Although an EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, it remains highly dangerous: once the malicious file is in place, it is executed during normal service startup or system reboot. The attack vector is local, making this a critical privilege-escalation flaw for any system running the vulnerable service.

Generated by OpenCVE AI on June 19, 2026 at 20:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Iperius Remote to a release or patch that quotes the service path.
  • Rename the service installation directory to remove spaces or edit the service configuration to use a fully quoted path for the executable via the sc config command or the registry.
  • Restrict write permissions on the service installation directory so that only administrators can place files there, preventing local users from dropping malicious executables.
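
The check behind the second and third actions, as an added example (not OpenCVE's or the vendor's code): it flags service ImagePath values that are unquoted and contain spaces in the executable portion, lists the directories whose write permissions need review, and gives the quoted replacement value. The service names and paths are constructed samples, not the product's real values, and audit_image_path / audit_services are hypothetical helper names.

```python
import ntpath
import re

# The first ".exe" ends the executable; what follows is treated as arguments.
_EXE_END = re.compile(r"\.exe\b", re.IGNORECASE)

# Constructed sample data: service name -> ImagePath as stored under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>. Not taken from the product.
SAMPLE_SERVICES = {
    "ExampleRemoteSvc": r"C:\Program Files\Example Vendor\Remote Agent\agent.exe --service",
    "QuotedSvc": r'"C:\Program Files\Example Vendor\agent.exe" --service',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

def audit_image_path(image_path):
    """Return (vulnerable, dirs_to_review, quoted_value) for one ImagePath."""
    path = image_path.strip()
    if path.startswith('"'):
        return (False, [], path)      # quoted: resolved as a single token
    m = _EXE_END.search(path)
    exe, args = (path[:m.end()], path[m.end():]) if m else (path, "")
    if " " not in exe:
        return (False, [], path)      # spaces only in arguments: not ambiguous
    # Each space in the executable part is a point where Windows may stop
    # parsing; the directory holding that truncated name must be admin-only.
    dirs = []
    for i, ch in enumerate(exe):
        if ch == " ":
            parent = ntpath.dirname(exe[:i])
            if parent not in dirs:
                dirs.append(parent)
    return (True, dirs, f'"{exe}"{args}')

def audit_services(services):
    """Map each vulnerable service name to (dirs_to_review, quoted_value)."""
    findings = {}
    for name, image_path in services.items():
        vulnerable, dirs, fixed = audit_image_path(image_path)
        if vulnerable:
            findings[name] = (dirs, fixed)
    return findings

if __name__ == "__main__":
    for name, (dirs, fixed) in audit_services(SAMPLE_SERVICES).items():
        print(f"{name}: review write ACLs on {dirs}; set ImagePath to {fixed}")
```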

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 18:15:00 +0000

Values added:
  • Description: Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be executed with elevated privileges during service startup or system reboot.
  • Title: Iperius Remote 1.7.0 Unquoted Service Path Elevation of Privilege
  • Weaknesses: CWE-428
  • References:
  • Metrics:
      cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
      cvssV4_0: {'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-19T14:16:43.821Z

Reserved: 2026-06-19T13:19:57.911Z

Link: CVE-2016-20089

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-19T20:00:12Z

Weaknesses
  • CWE-428: Unquoted Search Path or Element