TOSHIBA DVD PLAYER Navi Support Service - 'TNaviSrv' Unquoted Service Path

vendor:

TOSHIBA DVD PLAYER

by:

SamAlucard

7.8

CVSS

HIGH

Unquoted Service Path

CWE

Product Name: TOSHIBA DVD PLAYER

Affected Version From: 1.00.0000

Affected Version To: 1.00.0000

Patch Exists: NO

Related CWE:

CPE: a:toshiba:toshiba_dvd_player:1.00.0000

Metasploit:

Other Scripts:

Platforms Tested: Windows 7 Pro

2022

TOSHIBA DVD PLAYER Navi Support Service – ‘TNaviSrv’ Unquoted Service Path

The TOSHIBA DVD PLAYER Navi Support Service (TNaviSrv) is vulnerable to an unquoted service path vulnerability. This vulnerability allows an attacker to gain elevated privileges on the system by placing malicious files in the same directory as the TNaviSrv.exe service executable.

Mitigation:

Ensure that all service paths are properly quoted and that all services are running with the least privileges necessary.

Source

Exploit-DB raw data:

#Exploit Title: TOSHIBA DVD PLAYER Navi Support Service - 'TNaviSrv' Unquoted Service Path
#Exploit Author : SamAlucard
#Exploit Date: 2022-02-17
#Vendor : TOSHIBA
#Version : TOSHIBA Navi Support Service 1.00.0000
#Tested on OS: Windows 7 Pro

#Analyze PoC :
==============
C:\Users\Administrador>sc qc TNaviSrv
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: TNaviSrv
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD
PLAYER\TNaviSrv.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : TOSHIBA Navi Support Service
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem