CNNVD-202510-3272 Information
CNNVD ID
CNNVD-202510-3272
Related CVE
- CNNVD Published: 2025-10-23
Description (Chinese)
I-O DATA NarSuS App是日本艾欧资讯(I-O DATA)公司的一款包含设备检测、驱动安装、配置辅助、固件更新、服务注册等功能的桌面软件。 I-O DATA NarSuS App存在代码问题漏洞,该漏洞源于Windows服务注册了未加引号的文件路径,可能导致具有系统驱动器根目录写入权限的用户以SYSTEM特权执行任意代码。
Description (English)
I-O DATA Narus App is a section of the Japanese company I-O DATA on desktop software that contains equipment detection, drive installation, configuration aids, solidware upgrades, service registration, etc. The I-O DATA Narus App has a code problem loophole, which stems from the Windows service ’ s registration of unquoted file paths, which may lead users with system drive root directory write permission to execute any code under SYSTEM privileges.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
艾欧资讯
Published
2025-10-23
Last Modified
2026-02-24
References
https://jvn.jp/en/jp/JVN03295012/ https://www.iodata.jp/support/information/2025/12_CloneforWindows/ https://www.iodata.jp/support/information/2025/10_NarSuS_App/
Patch
https://www.iodata.jp/lib/software/n/1893.htm
Share on: