The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
View on MITREIf a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.
Properly quote the full search path before executing a program on the system.
No detection method information available for this CWE.
The following example demonstrates the weakness.
Small handful of others. Program doesn't quote the "C:\Program Files\" path when calling a program to be executed - or any other path with a directory or file whose name contains a space - so attacker can put a malicious program.exe into C:.
View DetailsCreateProcess() and CreateProcessAsUser() can be misused by applications to allow "program.exe" style attacks in C:
View DetailsApplies to "Common Files" folder, with a malicious common.exe, instead of "Program Files"/program.exe.
View DetailsNo relationship information available for this CWE.
CWE-428: Unquoted Search Path or Element is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.
If exploited, CWE-428 (Unquoted Search Path or Element) it can compromise Confidentiality, Integrity and Availability, leading to outcomes such as Execute Unauthorized Code or Commands.
Recommended mitigations for CWE-428 include: Properly quote the full search path before executing a program on the system.
CWE-428 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-428, including CVE-2005-1185, CVE-2005-2938 and CVE-2000-1128. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-428 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.