Description
In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILES(X86)%\Teradici\PCoIP.exe instead of the intended pcoip_vchan_printing_svc.exe file.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://help.teradici.com/s/article/unquoted-service-path-vulnerability-windows-agent-client-19-08-earlier
Scores
CVSS v3
7.8
EPSS
0.0063
EPSS Percentile
45.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-428
Status
published
Products (3)
teradici/pcoip_client
< 19.08.3
teradici/pcoip_graphics_agent
< 19.08.1
teradici/pcoip_standard_agent
< 19.08.1
Published
Jan 08, 2020
Tracked Since
Feb 18, 2026