CVE-2022-35899 – Asus GameSDK v1.0.0.4 - 'GameSDK.exe' Unquoted Service Path

https://notcve.org/view.php?id=CVE-2022-35899

19 Jul 2022 — There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file. Se presenta una ruta de servicio no citada en el servicio ASUSTeK Aura Ready Game SDK (GameSDK.exe) versión 1.0.0.4. Esto podría permitir a un usuario local escalar privilegios al crear un archivo %PROGRAMFILES(X86)%\NASUS\NGameSDK.exe Asus GameSDK version 1.0.0.4 suffers from an unquoted service path vul... • https://packetstorm.news/files/id/167763 • CWE-428: Unquoted Search Path or Element •