A recently identified in Active WebCam 11.5 has been officially patched. Users running versions prior to the patch are strongly advised to update immediately to mitigate potential local privilege escalation risks.
A critical security flaw in Active WebCam 11.5 unquoted service path vulnerability tracked as CVE-2021-47790
wmic service get name,pathname,displayname | findstr /i "Active WebCam" Check if the "pathname" lacks double quotes. Edit the Registry Registry Editor ) as an administrator. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ Find the Active WebCam service entry and locate the Manually add double quotes around the entire path (e.g., "C:\Program Files\Active WebCam\awc.exe" Restart the Service active webcam 115 unquoted service path patched
Modern EDR solutions actively monitor the execution of unusual files originating from C:\ or Program Files roots (like C:\Program.exe ) and block them immediately as anomalous behavior. To proceed with securing your environment, tell me:
By locating the ImagePath string and adding double quotes around the entire path, the ambiguity is removed, and Windows will only execute the intended file. 2. Official Software Updates A recently identified in Active WebCam 11
Run the following command to list services that have spaces in their paths but are not quoted:
Security auditors and penetration testers look for this flaw during the local enumeration phase. If you are auditing a machine running Active Webcam 11.5, you can identify the vulnerability using built-in Windows tools or automated scripts. 1. Manual Detection via Command Prompt (wmic or sc) Edit the Registry Registry Editor ) as an administrator
sc config "ActiveWebcamService" binpath= "\"C:\Program Files\Active Webcam\WebcamService.exe\"" Use code with caution.
Once the patch is applied, it is vital to verify that the vulnerability is fully resolved. Re-running the WMIC enumeration command should show the path securely wrapped in quotation marks.
Open an elevated Command Prompt and execute the following query to filter out services containing spaces that lack quotation marks:
"C:\Program Files\Active WebCam\webcam.exe"