Lavasoft version 2.3.4.7 suffers from a LavasoftTcpService unquoted service path vulnerability.
b158f77706a4c9ca81f62848d7d453fa# Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path
# Author: Luis MedinaL
# Date: 2019-10-15
# Vendor Homepage: https://www.adaware.com/
# Software Link : https://www.adaware.com/antivirus
# Version : 2.3.4.7
# Tested on: Microsoft Windows 10 Pro x64 ESP
# Description:
# Lavasoft 2.3.4.7 installs LavasoftTcpService as a service with an unquoted service path
C:\Users\Luis ML>sc qc LavasoftTcpService
[SC] QueryServiceConfig CORRECTO
NOMBRE_SERVICIO: LavasoftTcpService
TIPO : 10 WIN32_OWN_PROCESS
TIPO_INICIO : 2 AUTO_START
CONTROL_ERROR : 1 NORMAL
NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
GRUPO_ORDEN_CARGA :
ETIQUETA : 0
NOMBRE_MOSTRAR : LavasoftTcpService
DEPENDENCIAS : RPCSS
NOMBRE_INICIO_SERVICIO: LocalSystem