EIP-2026-117403

The exploit demonstrates an unquoted service path vulnerability in Lavasoft Web Companion 4.1.0.409, where the service path contains spaces and is not enclosed in quotes, potentially allowing local privilege escalation via path hijacking.