# Exploit Title: Bonjour Service - 'mDNSResponder.exe'Unquoted Service
Path
# Discovery by: bios# Discovery Date: 2024-15-07# Vendor Homepage: https://developer.apple.com/bonjour/# Tested Version: 3,0,0,10# Vulnerability Type: Unquoted Service Path# Tested on OS: Microsoft Windows 10 Home# Step to discover Unquoted Service Path:
C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto"|findstr /i /v "c:\windows\\"|findstr /i /v """
Bonjour Service
Bonjour Service
C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
Auto
C:\>systeminfo
Host Name: DESKTOP-HFBJOBG
OS Name: Microsoft Windows 10 Home
OS Version:10.0.19045 N/A Build 19045
PS C:\Program Files\Blizzard\Bonjour Service> powershell -command
"(Get-Command.\mDNSResponder.exe).FileVersionInfo.FileVersion"
>>
3,0,0,10
#Exploit:
There is an Unquoted Service Path in Bonjour Services (mDNSResponder.exe).
This may allow an authorized local user to insert arbitrary code into the
unquoted service path and escalate privileges.
