Wacom WTabletService 6.6.7-3 – ‘WTabletServicePro’ Unquoted Service Path

  • Author: Marcos Antonio León
    Date: 2019-11-06
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/47593/
  • # Exploit Title: Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path
    # Discovery by: Marcos Antonio León (psk)
    # Discovery Date: 2019-11-04
    # Vendor Homepage: https://www.wacom.com
    # Software Link : http://cdn.wacom.com/U/drivers/IBMPC/pro/WacomTablet_637-3.exe
    # Tested Version: 6.3.7.3
    # Vulnerability Type: Unquoted Service Path
    # Tested on OS: Windows 10 Home x64 es
    
    # Step to discover Unquoted Service Path:
    
    C:\>sc qc WTabletServicePro
    [SC] QueryServiceConfig CORRECTO
    
    NOMBRE_SERVICIO: WTabletServicePro
    TIPO : 10WIN32_OWN_PROCESS
    TIPO_INICIO: 2 AUTO_START
    CONTROL_ERROR: 1 NORMAL
    NOMBRE_RUTA_BINARIO: C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
    GRUPO_ORDEN_CARGA: PlugPlay
    ETIQUETA : 0
    NOMBRE_MOSTRAR : Wacom Professional Service
    DEPENDENCIAS :
    NOMBRE_INICIO_SERVICIO: LocalSystem
    
    #Exploit:
    
    A successful attempt requires the local attacker to insert an
    executable file in the path of the service. Upon service restart or
    system reboot, the malicious code will run with elevated privileges
    (the service runs as LocalSystem, per the configuration above).
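
An added example, not part of the original advisory: a check that flags service ImagePath values that are unquoted and contain a space in the executable path, and returns the quoted form to set instead. Only the WTabletServicePro path comes from the advisory; the other service names and paths are constructed samples, and splitting the executable from its arguments at the first `.exe` is a simplifying assumption.

```python
import re

# Constructed sample: service name -> ImagePath string as a service would store it.
# Only the WTabletServicePro value is taken from the advisory above.
SAMPLE_SERVICES = {
    "WTabletServicePro": r"C:\Program Files\Tablet\Wacom\WTabletServicePro.exe",
    "QuotedSvc": r'"C:\Program Files\Vendor\svc.exe" --run',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "ArgsSvc": r"C:\Program Files\Vendor App\agent.exe /service",
    "DriverSvc": r"\SystemRoot\System32\drivers\example.sys",
}

# End of the executable name: ".exe" followed by whitespace or end of string.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)


def split_image_path(image_path):
    """Return (executable, arguments, was_quoted) for a service ImagePath."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end != -1:
            return s[1:end], s[end + 1:].strip(), True
    m = _EXE_END.search(s)
    if m:
        return s[:m.end()], s[m.end():].strip(), False
    # No ".exe" (for example a driver): treat the first token as the path.
    parts = s.split(None, 1) + ["", ""]
    return parts[0], parts[1], False


def quoted_fix(image_path):
    """Return the corrected ImagePath, or None if the value is already safe."""
    exe, args, was_quoted = split_image_path(image_path)
    if was_quoted or " " not in exe:
        return None
    return f'"{exe}"' + (f" {args}" if args else "")


def audit(services):
    """Map each affected service name to the quoted ImagePath it should use."""
    findings = {}
    for name, image_path in services.items():
        fix = quoted_fix(image_path)
        if fix is not None:
            findings[name] = fix
    return findings


if __name__ == "__main__":
    for name, fix in audit(SAMPLE_SERVICES).items():
        print(f"{name}: set ImagePath to {fix}")
```

On a real host the input would be each service's `ImagePath` value under `HKLM\SYSTEM\CurrentControlSet\Services`, which is independent of the display language that localizes the `sc qc` field names shown above.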