EIP-2026-117958

This advisory describes an unquoted search path vulnerability in Spybot Search & Destroy 1.6.2's 'SBSDWSCService' service, allowing local privilege escalation via arbitrary code execution. The issue stems from the service's binary path lacking quotes, enabling path hijacking if an attacker places a malicious executable in the system root path.