HotKey Clipboard 2.1.0.6 – Privilege Escalation Unquoted Service Path

• Exploit Database
• 139 阅读

• 作者： Wim Jaap van Vliet
  日期： 2023-04-03
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/51206/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29

  # Exploit Title: HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path # Date: 2023/01/17 # Exploit Author : Wim Jaap van Vliet # Vendor Homepage: www.clevo.com.tw # Software Link: https://enstrong.blob.core.windows.net/en-driver/PDXXPNX1/Others/CC30_1006.zip # Version:2.1.0.6 # Tested on: Windows 11 Pro 10.0.22000   # Exploit The Hotkey Clipboard Service 'HKClipSvc', installed as part of Control Center3.0 v3.97 (and earlier versions) by Clevo has a unquoted service path. This software package is usually installed on Clevo laptops (or other brands using Clevo barebones) as a driver. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with system privileges on the system.   # Information C:\>sc qc "HKClipSvc" [SC] QueryServiceConfig SUCCESS   SERVICE_NAME: HKClipSvc TYPE : 10WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL: 1 NORMAL BINARY_PATH_NAME : C:\Program Files (x86)\ControlCenter\Driver\x64\HKClipSvc.exe LOAD_ORDER_GROUP : TAG: 0 DISPLAY_NAME : HotKey Clipboard Service DEPENDENCIES : SERVICE_START_NAME : LocalSystem