# Exploit Title: HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path# Date: 2023/01/17# Exploit Author : Wim Jaap van Vliet# Vendor Homepage: www.clevo.com.tw# Software Link: https://enstrong.blob.core.windows.net/en-driver/PDXXPNX1/Others/CC30_1006.zip# Version:2.1.0.6# Tested on: Windows 11 Pro 10.0.22000# Exploit
The Hotkey Clipboard Service 'HKClipSvc', installed as part of Control Center3.0 v3.97 (and earlier versions) by Clevo has a unquoted service path.
This software package is usually installed on Clevo laptops (or other brands using Clevo barebones) as a driver.
This could potentially allow an authorized but non-privileged local user to execute arbitrary code with system privileges on the system.# Information
C:\>sc qc "HKClipSvc"[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: HKClipSvc
TYPE : 10WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL: 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\ControlCenter\Driver\x64\HKClipSvc.exe
LOAD_ORDER_GROUP :
TAG: 0
DISPLAY_NAME : HotKey Clipboard Service
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
