Lavasoft version 2.3.4.7 suffers from a LavasoftTcpService unquoted service path vulnerability.

MD5 | b158f77706a4c9ca81f62848d7d453fa

# Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path
# Author: Luis MedinaL
# Date: 2019-10-15
# Vendor Homepage: https://www.adaware.com/
# Software Link : https://www.adaware.com/antivirus
# Version : 2.3.4.7
# Tested on: Microsoft Windows 10 Pro x64 ESP

# Description:
# Lavasoft 2.3.4.7 installs LavasoftTcpService as a service with an unquoted service path

C:UsersLuis ML>sc qc LavasoftTcpService
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: LavasoftTcpService
TIPO : 10 WIN32_OWN_PROCESS
TIPO_INICIO : 2 AUTO_START
CONTROL_ERROR : 1 NORMAL
NOMBRE_RUTA_BINARIO: C:Program Files (x86)LavasoftWeb CompanionTcpService2.3.4.7LavasoftTcpService.exe
GRUPO_ORDEN_CARGA :
ETIQUETA : 0
NOMBRE_MOSTRAR : LavasoftTcpService
DEPENDENCIAS : RPCSS
NOMBRE_INICIO_SERVICIO: LocalSystem

Source