KMSpico 17.1.0.0 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated privileges. The vulnerability exists in the Service KMSELDI configuration due to the unquoted binary path, enabling malicious executable injection.
KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the Service KMSELDI configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in C:\Program Files\KMSpico\Service_KMS.exe to inject malicious executables and escalate privileges.