Vendor: AnyTXT Searcher
By: Mohammed Alshehri
CVSS: 6.4 (MEDIUM)
CWE: 428 (Unquoted Service Path)
Product Name: AnyTXT Searcher
Affected Version From: 1.2.0394
Affected Version To: 1.2.0394
Patch Exists: NO
Related CWE:
CPE: a:anytxt:searcher:1.2.394
Metasploit:
Other Scripts:
Platforms Tested: Microsoft Windows 10 Education - 10.0.17763 N/A Build 17763
2020

AnyTXT Searcher 1.2.394 – ‘ATService’ Unquoted Service Path

The 'ATService' service in AnyTXT Searcher version 1.2.394 is installed with an unquoted service path. The path contains spaces and the service runs as LocalSystem, which could allow an attacker to escalate privileges and execute arbitrary code.

Mitigation:

To mitigate this vulnerability, the vendor should update the service to include quotes around the service path. Users can also manually update the service path to include quotes.

Exploit-DB raw data:

# Exploit Title: AnyTXT Searcher 1.2.394 - 'ATService' Unquoted Service Path
# Date: 2020-12-11
# Exploit Author: Mohammed Alshehri
# Vendor Homepage: Anytxt.net
# Software Link: https://sourceforge.net/projects/anytxt/files/AnyTXT.Searcher.1.2.394.exe
# Version: Version 1.2.394
# Tested on: Microsoft Windows 10 Education - 10.0.17763 N/A Build 17763


# Service info:
C:\Users\m507>sc qc ATService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: ATService
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START  (DELAYED)
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\AnyTXT Searcher\atservice.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : AnyTXT Searcher Indexing Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

C:\Users\m507>
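
A defender-side check for the mitigation described above, added here as an example (it is not part of the Exploit-DB entry or the vendor's code): it parses `sc qc` output, flags services whose BINARY_PATH_NAME is unquoted and contains a space, and produces the quoted value to set. The function names, the ExampleQuoted and ExampleArgs services, and the ".exe" splitting heuristic are assumptions made for the example.

```python
import re

# Constructed sample in `sc qc` format. The first record mirrors the ATService
# output shown above; the other two are hypothetical services for contrast.
SAMPLE = r"""
SERVICE_NAME: ATService
        BINARY_PATH_NAME   : C:\Program Files (x86)\AnyTXT Searcher\atservice.exe
        SERVICE_START_NAME : LocalSystem
SERVICE_NAME: ExampleQuoted
        BINARY_PATH_NAME   : "C:\Program Files\Example\svc.exe" -k run
        SERVICE_START_NAME : LocalSystem
SERVICE_NAME: ExampleArgs
        BINARY_PATH_NAME   : C:\Program Files\Example Tool\agent.exe --service
        SERVICE_START_NAME : LocalSystem
"""

FIELD = re.compile(r"^\s*([A-Z_]{2,})\s*:\s?(.*)$")
# Heuristic (assumption): the image path ends at the first ".exe" that is
# followed by whitespace or end of line; anything after it is arguments.
EXE = re.compile(r"^(.*?\.exe)(\s.*)?$", re.IGNORECASE)

def parse_sc_qc(text):
    """Split concatenated `sc qc` output into one dict per service."""
    services = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "SERVICE_NAME":
            services.append({})          # a new service record starts here
        if m and services:
            services[-1][m.group(1)] = m.group(2).strip()
    return services

def audit(svc):
    """Classify one service and return the quoted path value to set."""
    raw = svc.get("BINARY_PATH_NAME", "")
    m = EXE.match(raw)
    exe, args = (m.group(1), m.group(2) or "") if m else (raw, "")
    if raw.startswith('"'):
        finding, fixed = "quoted", raw
    elif " " not in exe:
        finding, fixed = "no-space", raw
    else:
        finding, fixed = "UNQUOTED", f'"{exe}"{args}'
    return {"name": svc.get("SERVICE_NAME"), "finding": finding,
            "account": svc.get("SERVICE_START_NAME"), "fixed": fixed}

if __name__ == "__main__":
    for result in map(audit, parse_sc_qc(SAMPLE)):
        print(result)
```

The `fixed` value is what the service's binary path should read after remediation; findings where `account` is LocalSystem deserve priority.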