header-logo
Suggest Exploit
vendor:
Chromacam-4.0.3.0
by:
rather than the original ""PsyFrameGrabberService.exe"". The service starts automatically at boot and runs in system"
he could place his own ""Program.exe"" or ""PsyFrameGrabberService.exe"" files respectively
CVSS
and when the service starts
Unquoted Service Path
MEDIUM
CWE
Product Name: Chromacam-4.0.3.0
Affected Version From: In progress
Affected Version To: 428
Patch Exists: Laguin Benjamin (MONK-MODE)
Related CWE: N/A
CPE: Ensure that all service paths are quoted correctly to prevent unquoted service path vulnerabilities. Update to the latest version of Chromacam.
Metasploit: Personify Inc.
Other Scripts: Chromacam
Nuclei References: Microsoft Windows 10 x64
Nuclei Metadata: https://www.exploit-db.com/raw/51210
Platforms Tested: Chromacam-4.0.3.0
it would launch the malicious file

Chromacam 4.0.3.0 – PsyFrameGrabberService Unquoted Service Path

If an attacker had already compromised the system and the current user has the privileges to write in the : C:Program Files (x86) "C:Program Files (x86)Personify" "C:Program Files (x86)PersonifyChromaCam" "C:Program Files (x86)PersonifyChromaCam64" folder or in "C:"

Mitigation:

2023
Source

Exploit-DB raw data: