Looks good to me. Minor comment below. Adding also others.
On Mon, Oct 16, 2017 at 4:03 PM, Christophe Fergeau wrote:
> If these paths are unquoted, and the path contains spaces (C:\Program
> Files (x86)\...), this could be exploited by putting a binary with a
> crafted name (C:\Program.exe), lea
If these paths are unquoted, and the path contains spaces (C:\Program
Files (x86)\...), this could be exploited by putting a binary with a
crafted name (C:\Program.exe), leading to priviledge escalation as this
is a service that is being started.
https://www.commonexploits.com/unquoted-service-pat
