[原文]Unquoted Windows search path vulnerability in Musicmatch Jukebox 10.00.2047 and earlier allows local users to gain privileges via a malicious C:\program.exe file, which is run by MMFWLaunch.exe when it attempts to execute launch.exe.
Musicmatch Jukebox contains a flaw that may allow a malicious local user to gain elevated privileges. The issue is due to improper quoting of path data in the CreateProcess() function and is triggered by launching the Musicmatch Jukebox software. Note that although this vulnerability is not directly exploitable, it is possible that when combined with a vulnerability that allows for some malicious application to be saved to a specific location on the file system, it may allow for privilege escalation resulting in a loss of confidentiality.
Currently, there are no known workarounds or upgrades to correct this issue. However, Musicmatch Inc. has released a patch to address this vulnerability.