Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path
Lenovo LegionSpace version 1. 7. 11. 2 contains an unquoted service path vulnerability in the 'DAService' service. This vulnerability allows a local user to place malicious executables in the system path, which could be executed with elevated privileges during service startup. The vendor has released a fixed version 1. 8. 12. 13 to address this issue. No CVE identifier is assigned, and no known exploits in the wild have been reported.
AI Analysis
Technical Summary
The vulnerability is an unquoted service path in the 'DAService' Windows service of Lenovo LegionSpace 1.7.11.2. The service binary path contains spaces and is not enclosed in quotes, which can allow a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a path segment that the system interprets incorrectly. The service runs with LocalSystem privileges and starts automatically. The vendor was notified on 2025-12-04 and released a fixed version on 2026-02-09. Exploit code is publicly available in text format.
Potential Impact
If exploited, a local attacker could execute arbitrary code with elevated privileges on the affected system. This could lead to full system compromise under the context of the LocalSystem account. However, exploitation requires local access and the ability to write to specific directories in the file system.
Mitigation Recommendations
Upgrade Lenovo LegionSpace to version 1.8.12.13 or later, as provided by the vendor. This official fix addresses the unquoted service path vulnerability. No other mitigation actions are indicated by the vendor advisory.
Indicators of Compromise
- exploit-code: # Exploit Title: Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path # Exploit Author: CENACIF-MX # Discovery Date: 2025-12-04 # Vendor Homepage: https://support.lenovo.com/es/es/solutions/legion_space # Tested Version: 1.7.11.2 # Vulnerability Type: Unquoted Service Path # Tested on OS: Microsoft Windows 11 Enterprise x64 es # Fix: Upgrade to Lenovo LegionSpace 1.8.12.13 or later # CVE : N/A # Disclosure Timeline # | Date | Event | # |------|-------| # | 2025-12-04 | Vulnerability discovered | # | 2025-12-04 | Vendor notified | # | 2026-02-09 | New version | # Step to discover Unquoted Service Path: C:\>wmic service get name, pathname, displayname, startmode | findstr "Auto" | findstr /i /v "C:\Windows\\" | findstr /i "Lenovo" | findstr /i /v """ DAService DAService C:\Program Files\Lenovo\LegionSpace\1.7.11.2\LSDaemon.exe Auto # Service info: C:\>sc qc "DAService" [SC] QueryServiceConfig CORRECTO NOMBRE_SERVICIO: DAService TIPO : 10 WIN32_OWN_PROCESS TIPO_INICIO : 2 AUTO_START CONTROL_ERROR : 1 NORMAL NOMBRE_RUTA_BINARIO: C:\Program Files\Lenovo\LegionSpace\1.7.11.2\LSDaemon.exe GRUPO_ORDEN_CARGA : ETIQUETA : 0 NOMBRE_MOSTRAR : DAService DEPENDENCIAS : NOMBRE_INICIO_SERVICIO: LocalSystem #Exploit: A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path
Description
Lenovo LegionSpace version 1. 7. 11. 2 contains an unquoted service path vulnerability in the 'DAService' service. This vulnerability allows a local user to place malicious executables in the system path, which could be executed with elevated privileges during service startup. The vendor has released a fixed version 1. 8. 12. 13 to address this issue. No CVE identifier is assigned, and no known exploits in the wild have been reported.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability is an unquoted service path in the 'DAService' Windows service of Lenovo LegionSpace 1.7.11.2. The service binary path contains spaces and is not enclosed in quotes, which can allow a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a path segment that the system interprets incorrectly. The service runs with LocalSystem privileges and starts automatically. The vendor was notified on 2025-12-04 and released a fixed version on 2026-02-09. Exploit code is publicly available in text format.
Potential Impact
If exploited, a local attacker could execute arbitrary code with elevated privileges on the affected system. This could lead to full system compromise under the context of the LocalSystem account. However, exploitation requires local access and the ability to write to specific directories in the file system.
Mitigation Recommendations
Upgrade Lenovo LegionSpace to version 1.8.12.13 or later, as provided by the vendor. This official fix addresses the unquoted service path vulnerability. No other mitigation actions are indicated by the vendor advisory.
Technical Details
- Edb Id
- 52570
- Has Exploit Code
- true
- Code Language
- text
Indicators of Compromise
Exploit Source Code
Exploit code for Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path
# Exploit Title: Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path # Exploit Author: CENACIF-MX # Discovery Date: 2025-12-04 # Vendor Homepage: https://support.lenovo.com/es/es/solutions/legion_space # Tested Version: 1.7.11.2 # Vulnerability Type: Unquoted Service Path # Tested on OS: Microsoft Windows 11 Enterprise x64 es # Fix: Upgrade to Lenovo LegionSpace 1.8.12.13 or later # CVE : N/A # Disclosure Timeline # | Date | Event | # |------|-------| # | 2025-12-04 | Vulnerability d... (1220 more characters)
Threat ID: 6a0f29ffe1370fbb48ed2e94
Added to database: 5/21/2026, 3:51:27 PM
Last enriched: 5/21/2026, 3:52:00 PM
Last updated: 5/21/2026, 6:21:59 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.