EIP-2026-117489

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117489. PoCs published by Antonio Cuomo.

AI-analyzed exploit summary This is a technical writeup demonstrating an unquoted service path vulnerability in Microsoft Exchange Server 2013 SP1. The exploit leverages the lack of quotes around the executable path in the 'MSExchangeMailboxAssistants' service, potentially allowing local privilege escalation if an attacker can place a malicious executable in a higher-priority path.

Description

Microsoft Exchange Mailbox Assistants 15.0.847.40 - 'Service MSExchangeMailboxAssistants' Unquoted Service Path

Exploits (1)

exploitdb WRITEUP

by Antonio Cuomo · textlocalwindows

https://www.exploit-db.com/exploits/50867

View Code ZIP pw:eip

This is a technical writeup demonstrating an unquoted service path vulnerability in Microsoft Exchange Server 2013 SP1. The exploit leverages the lack of quotes around the executable path in the 'MSExchangeMailboxAssistants' service, potentially allowing local privilege escalation if an attacker can place a malicious executable in a higher-priority path.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Exchange Server 2013 SP1 (15.0.847.40)

Auth required

Prerequisites: Local access to the system · Ability to write to a directory in the unquoted path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Microsoft Exchange Mailbox Assistants 15.0.847.40 - 'Service MSExchangeMailboxAssistants' Unquoted Service Path

Exploitation Summary

Description

Exploits (1)

Details