ELAN Touchpad 15.2.13.1_X64_WHQL - 'ETDService' Unquoted Service Path

vendor:

ELAN Touchpad

by:

SamAlucard

7.8

CVSS

HIGH

Unquoted Service Path

426

CWE

Product Name: ELAN Touchpad

Affected Version From: 15.2.13.1_X64_WHQL

Affected Version To: 15.2.13.1_X64_WHQL

Patch Exists: NO

Related CWE: N/A

CPE: a:elan_microelectronics:elan_touchpad:15.2.13.1_x64_whql

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 8

2021

ELAN Touchpad 15.2.13.1_X64_WHQL – ‘ETDService’ Unquoted Service Path

This software installs EDTService.exe, version 11.10.2.1. The service is configured to run with LocalSystem privileges and the path to the executable is not quoted, which could allow an attacker to gain elevated privileges.

Mitigation:

Ensure that all service paths are quoted and that all services are running with the least privileges necessary.

Source

Exploit-DB raw data:

# Exploit Title: ELAN Touchpad 15.2.13.1_X64_WHQL - 'ETDService' Unquoted Service Path
# Exploit Author : SamAlucard
# Exploit Date: 2021-03-22
# Vendor :  ELAN Microelectronics
# Version : ELAN Touchpad 15.2.13.1_X64_WHQL
# Vendor Homepage : http://www.emc.com.tw/
# Tested on OS: Windows 8

#This software installs EDTService.exe, version 11.10.2.1

#Analyze PoC :
==============
C:\>sc qc ETDService
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: ETDService
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files\Elantech\ETDService.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : Elan Service
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem