Realtek 11n Wireless LAN utility – Local Privilege Escalation

• Exploit Database
• 13 阅读

• 作者： Humberto Cabrera
  日期： 2015-02-13
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/36062/

• Realtek 11n Wireless LAN utility privilege escalation.
  
  Vulnerability Discovered by Humberto Cabrera @dniz0r
  http://zeroscience.mk @zeroscience
  
  Summary:
  	⁃	Realtek 11n Wireless LAN utility is deployed and used by realtek
  alfa cards and more in order to help diagnose and view wireless card
  properties.
  
  Description:
  -	Unquoted Privilege escalation that allows a user to gain SYSTEM
  privileges.
  
  Date - 12 Feb 2015
  Version: 700.1631.106.2011
  Vendor: www.realtek.com.tw
  Advisory URL:
  https://eaty0face.wordpress.com/2015/02/13/realtek-11n-wireless-lan-utility-privilege-escalation/
  Tested on: Win7
  
  [SC] QueryServiceConfig SUCCESS
  
  SERVICE_NAME: realtek11ncu
  TYPE : 110WIN32_OWN_PROCESS (interactive)
  START_TYPE : 2 AUTO_START
  ERROR_CONTROL: 1 NORMAL
  BINARY_PATH_NAME : C:\Program Files\REALTEK\11n USB Wireless LAN
  Utility\RtlService.exe
  LOAD_ORDER_GROUP :
  TAG: 0
  DISPLAY_NAME : Realtek11nCU
  DEPENDENCIES :
  SERVICE_START_NAME : LocalSystem
  
  C:\Windows\system32>sc qc realtek11nsu
  [SC] QueryServiceConfig SUCCESS
  
  SERVICE_NAME: realtek11nsu
  TYPE : 110WIN32_OWN_PROCESS (interactive)
  START_TYPE : 2 AUTO_START
  ERROR_CONTROL: 1 NORMAL
  BINARY_PATH_NAME : C:\Program Files\REALTEK\Wireless LAN
  Utility\RtlService.exe
  LOAD_ORDER_GROUP :
  TAG: 0
  DISPLAY_NAME : Realtek11nSU
  DEPENDENCIES :
  SERVICE_START_NAME : LocalSystem