KMSpico 17.1.0.0 - 'Service KMSELDI' Unquoted Service Path

vendor:

KMSpico

by:

SamAlucard

7.5

CVSS

HIGH

Unquoted Service Path

428

CWE

Product Name: KMSpico

Affected Version From: 17.1.0.0

Affected Version To: 17.1.0.0

Patch Exists: NO

Related CWE:

CPE: a:official-kmspico:kmspico:17.1.0.0

Metasploit:

Other Scripts:

Platforms Tested: Windows 7 Pro

2020

KMSpico 17.1.0.0 – ‘Service KMSELDI’ Unquoted Service Path

The 'Service KMSELDI' service in KMSpico 17.1.0.0 has an unquoted service path vulnerability. An attacker with local access can exploit this vulnerability to escalate privileges and potentially execute arbitrary code.

Mitigation:

To mitigate this vulnerability, update to a patched version of KMSpico that addresses the unquoted service path issue. Additionally, ensure that all services have properly quoted service paths.

Source

Exploit-DB raw data:

#Exploit Title: KMSpico 17.1.0.0 - 'Service KMSELDI' Unquoted Service Path
#Exploit Author : SamAlucard
#Exploit Date: 2020-11-08
#Vendor : KMSpico
#Version : Service_KMS 17.1.0.0
#Vendor Homepage :  https://official-kmspico.com/
#Tested on OS: Windows 7 Pro

#Analyze PoC :
==============

C:\>sc qc "Service KMSELDI"
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: Service KMSELDI
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files\KMSpico\Service_KMS.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : Service KMSELDI
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem