ProShow Producer 9.0.3797 - ('ScsiAccess') Unquoted Service Path

vendor:

ProShow Producer

by:

ZwX

5.5

CVSS

MEDIUM

Unquoted Service Path

428

CWE

Product Name: ProShow Producer

Affected Version From: ProShow Producer 9.0.3797

Affected Version To: ProShow Producer 9.0.3797

Patch Exists: NO

Related CWE:

CPE: a:photodex:proshow_producer:9.0.3797

Metasploit:

Other Scripts:

Platforms Tested: Windows 7

2019

ProShow Producer 9.0.3797 – (‘ScsiAccess’) Unquoted Service Path

The ProShow Producer 9.0.3797 software has an unquoted service path vulnerability in the 'ScsiAccess' service. This vulnerability allows an attacker with local access to the system to escalate privileges and execute arbitrary code.

Mitigation:

To mitigate this vulnerability, the vendor should update the 'ScsiAccess' service to include quotes around the binary path name. Users should also ensure that they have the latest version of the software installed.

Source

Exploit-DB raw data:

#Exploit Title: ProShow Producer 9.0.3797 - ('ScsiAccess') Unquoted Service Path
#Exploit Author : ZwX
#Exploit Date: 2019-11-21
#Vendor Homepage : http://www.photodex.com/
#Link Software : http://files.photodex.com/release/pspro_90_3797.exe
#Tested on OS: Windows 7


#Analyze PoC :
==============


C:\Users\ZwX>sc qc ScsiAccess
[SC] QueryServiceConfig réussite(s)

SERVICE_NAME: ScsiAccess
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : ScsiAccess
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem