EIP-2026-117402

PRE-CVE

Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117402. PoCs published by Luis MedinaL.

AI-analyzed exploit summary This is a technical writeup describing an unquoted service path vulnerability in Lavasoft 2.3.4.7. The service 'LavasoftTcpService' is installed with an unquoted path, which could allow local privilege escalation if an attacker can place a malicious executable in a higher-level directory.

Description

Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path

Exploits (1)

exploitdb WRITEUP

by Luis MedinaL · textlocalwindows

https://www.exploit-db.com/exploits/47504

View Code ZIP pw:eip

This is a technical writeup describing an unquoted service path vulnerability in Lavasoft 2.3.4.7. The service 'LavasoftTcpService' is installed with an unquoted path, which could allow local privilege escalation if an attacker can place a malicious executable in a higher-level directory.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Lavasoft Web Companion 2.3.4.7

Auth required

Prerequisites: Local access to the system · Ability to write to a directory in the unquoted path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026