Description
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Extended Description
If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.
CVE vulnerabilities with CWE-428 (506)
9.8
CVSS
CRITICAL
CVE-2023-38408
pub. 2023-07-20
9.8
CVSS
CRITICAL
CVE-2022-36344
pub. 2022-08-16
9.8
CVSS
CRITICAL
CVE-2020-9292
pub. 2020-06-04
9.8
CVSS
CRITICAL
CVE-2019-17658
pub. 2020-03-12
9.8
CVSS
CRITICAL
CVE-2019-8459
pub. 2019-06-20
9.2
CVSS
CRITICAL
CVE-2025-8070
pub. 2025-07-23
9.1
CVSS
CRITICAL
CVE-2024-24722
pub. 2024-02-19
8.8
CVSS
HIGH
CVE-2025-12507
pub. 2025-10-31
8.8
CVSS
HIGH
CVE-2023-27298
pub. 2023-05-10
8.8
CVSS
HIGH
CVE-2020-27644
pub. 2020-12-29
8.8
CVSS
HIGH
CVE-2020-27645
pub. 2020-12-29
8.8
CVSS
HIGH
CVE-2016-5793
pub. 2016-09-24
8.7
CVSS
HIGH
CVE-2024-58288
pub. 2025-12-11
8.6
CVSS
HIGH
CVE-2023-53965
pub. 2025-12-22
8.5
CVSS
HIGH
CVE-2016-20085
pub. 2026-06-19
8.5
CVSS
HIGH
CVE-2016-20086
pub. 2026-06-19
8.5
CVSS
HIGH
CVE-2016-20087
pub. 2026-06-19
8.5
CVSS
HIGH
CVE-2016-20088
pub. 2026-06-19
8.5
CVSS
HIGH
CVE-2016-20089
pub. 2026-06-19
8.5
CVSS
HIGH
CVE-2016-20090
pub. 2026-06-19
Showing 20 of 506 vulnerabilities