Active Webcam 115 Unquoted Service Path Patched __hot__ 【Android Original】
Upgrading to Active WebCam version 11.6 (or later) fixes the issue by properly quoting the service’s binary path, thereby eliminating the privilege‑escalation vector. All users and administrators running version 11.5 must apply this patch immediately.
To manually patch the path via the Command Prompt, execute the following command with administrative privileges:
When Windows starts a service, it reads the path to the executable file from the registry. If the path contains spaces and lacks quotation marks, Windows interprets the spaces as separators. The operating system attempts to locate and execute programs by truncating the path at each space, appending a .exe extension, and checking if that file exists.
While third-party software updates are the preferred fix, you can manually patch this vulnerability through the Windows Registry. Step 1: Identify the Service
Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ Locate the service associated with . Double-click the ImagePath value. Add quotation marks around the entire file path. Before: C:\Program Files (x86)\Active WebCam\WebCam.exe After: "C:\Program Files (x86)\Active WebCam\WebCam.exe" Restart the service or your computer to apply the changes. 🏛️ Security Best Practices active webcam 115 unquoted service path patched
If they lack service control permissions, they must wait for an administrator to restart the service or for a full system reboot. Once executed, Active.exe runs under the SYSTEM context, granting the attacker full administrative control over the machine. Remediation: How Active Webcam 11.5 is Patched
This command lists every service whose binary path is not quoted—a common source of privilege escalation vulnerabilities.
Monitor for changes to the registry key HKLM\SYSTEM\CurrentControlSet\Services\[Service Name]\ImagePath . Unexpected modifications to service binary paths could indicate tampering.
The official patch for CVE‑2021‑47790 is included in . Users who are running version 11.5 or any earlier 11.x version should upgrade to the latest release available from the vendor’s website. Upgrading to Active WebCam version 11
For an attacker to successfully exploit Active Webcam 11.5's unquoted service path, two conditions must be met:
The vendor has resolved the issue by properly quoting the service binary path:
—which Windows will then execute instead of the intended service file during system startup. Because services like Active WebCam often run with LocalSystem
An attacker first gains a foothold on the target system. This could be through any number of initial access vectors, such as: If the path contains spaces and lacks quotation
Administrators can fix this by navigating to the following Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[ServiceName]
: The exploitation can happen automatically at system boot, allowing persistent malware to disable security software before the user even logs in. How to Patch and Stay Protected
Although the vulnerability was publicly discussed for several years, the official patch was not issued until version 11.6. The delay highlights the importance of proactive vulnerability management: even if a vendor is slow to release a patch, system administrators should consider temporary workarounds or, in the worst case, remove the software.
In some cases, organisations may be unable to upgrade to version 11.6 immediately due to compatibility concerns or legacy requirements. For those situations, a can be applied: