header-logo
Suggest Exploit
vendor:
NETGATE Registry Cleaner
by:
Amir.ght
5.5
CVSS
MEDIUM
Unquoted Service Path Privilege Escalation
428
CWE
Product Name: NETGATE Registry Cleaner
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows 7
2016

NETGATE Registry Cleaner Unquoted Service Path Privilege Escalation

NETGATE Registry Cleaner installs a service with an unquoted service path. To properly exploit this vulnerability, the local attacker must insert an executable file in the path of the service. Upon service restart or system reboot, the malicious code will be run with elevated privileges.

Mitigation:

To mitigate this vulnerability, the vendor should update the software to include quotes around the service path in the installation process. Users should also ensure that they are running the latest version of the software and have proper security measures in place to prevent unauthorized access.
Source

Exploit-DB raw data:

#########################################################################
# Exploit Title: NETGATE Registry Cleaner Unquoted Service Path Privilege Escalation
# Date: 15/10/2016
# Author: Amir.ght
# Vendor Homepage: http://www.netgate.sk/
# Software Link: http://www.netgate.sk/download/download.php?id=4
# Version : build 16.0.205  (Latest)
# Tested on: Windows 7
##########################################################################

NETGATE Registry Cleaner installs a service with an unquoted service path
To properly exploit this vulnerability,
the local attacker must insert an executable file in the path of the service.
Upon service restart or system reboot, the malicious code will be run
with elevated privileges.
-------------------------------------------
C:\>sc qc NGRegClnSrv
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: NGRegClnSrv
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\NETGATE\Registry
Cleaner\RegistryCleanerSrv.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : NETGATE Registry Cleaner Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

Navigation

Suggest Exploit

Services By CQR