EIP-2026-117403

PRE-CVE

Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117403. PoCs published by P4p4 M4n3.

AI-analyzed exploit summary The exploit demonstrates an unquoted service path vulnerability in Lavasoft Web Companion 4.1.0.409, where the service path contains spaces and is not enclosed in quotes, potentially allowing local privilege escalation via path hijacking.

Description

Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path

Exploits (1)

exploitdb WRITEUP

by P4p4 M4n3 · textlocalwindows

https://www.exploit-db.com/exploits/51143

View Code ZIP pw:eip

The exploit demonstrates an unquoted service path vulnerability in Lavasoft Web Companion 4.1.0.409, where the service path contains spaces and is not enclosed in quotes, potentially allowing local privilege escalation via path hijacking.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Lavasoft Web Companion 4.1.0.409

Auth required

Prerequisites: Local access to the system · Ability to create executable files in the vulnerable path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026