header-logo
Suggest Exploit
vendor:
HotKey Clipboard
by:
Wim Jaap van Vliet
7.5
CVSS
HIGH
Privilege Escalation
78
CWE
Product Name: HotKey Clipboard
Affected Version From: 2.1.0.6
Affected Version To: 2.1.0.6
Patch Exists: NO
Related CWE:
CPE: a:clevo:hotkey_clipboard:2.1.0.6
Metasploit:
Other Scripts:
Platforms Tested: Windows 11 Pro 10.0.22000
2023

HotKey Clipboard 2.1.0.6 – Privilege Escalation Unquoted Service Path

The Hotkey Clipboard Service 'HKClipSvc' installed as part of Control Center3.0 v3.97 (and earlier versions) by Clevo has an unquoted service path. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with system privileges on the system.

Mitigation:

The vendor should fix the unquoted service path in the installation package.
Source

Exploit-DB raw data:

# Exploit Title: HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path
# Date: 2023/01/17
# Exploit Author : Wim Jaap van Vliet
# Vendor Homepage: www.clevo.com.tw
# Software Link: https://enstrong.blob.core.windows.net/en-driver/PDXXPNX1/Others/CC30_1006.zip
# Version:  2.1.0.6
# Tested on: Windows 11 Pro 10.0.22000

# Exploit
The Hotkey Clipboard Service 'HKClipSvc', installed as part of Control Center3.0 v3.97 (and earlier versions) by Clevo has a unquoted service path.
This software package is usually installed on Clevo laptops (or other brands using Clevo barebones) as a driver.
This could potentially allow an authorized but non-privileged local user to execute arbitrary code with system privileges on the system.

# Information
 
C:\>sc qc "HKClipSvc"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: HKClipSvc
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\ControlCenter\Driver\x64\HKClipSvc.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : HotKey Clipboard Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

Navigation

Suggest Exploit

Services By CQR