Potential fix for code scanning alert no. 1: Shell command built from environment values

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: tinsever

lib/system-font.js

@@ -155,9 +155,13 @@ SystemFont.prototype.install = function(remoteFile, fileName, callback) {
 					});
 				}
 				else {
-					child_process.exec('cscript.exe ' + path.join(__dirname, 'windows', 'installFont.js') + ' ' + tmpPath, function(err, stdout, stderr){
-						callback(err, 'Font System Folder with cscript.');
-					})
+					child_process.execFile(
+						'cscript.exe',
+						[path.join(__dirname, 'windows', 'installFont.js'), tmpPath],
+						function(err, stdout, stderr) {
+							callback(err, 'Font System Folder with cscript.');
+						}
+					);
 				}
 			})	
 			break;