WOW21 5.0.1.9 - 'Service WOW21_Service' Unquoted Service Path

vendor:

WOW21

by:

Antonio Cuomo (arkantolo)

7.5

CVSS

HIGH

Unquoted Service Path

428

CWE

Product Name: WOW21

Affected Version From: 5.0.1.9

Affected Version To: 5.0.1.9

Patch Exists: NO

Related CWE:

CPE: a:ilwebmaster21:wow21:5.0.1.9

Metasploit:

Other Scripts:

Platforms Tested: Windows 10 Pro x64

2022

WOW21 5.0.1.9 – ‘Service WOW21_Service’ Unquoted Service Path

The WOW21_Service in WOW21 version 5.0.1.9 on Windows 10 Pro x64 allows local users to gain elevated privileges via an unquoted service path.

Mitigation:

Ensure that all service paths are quoted in the registry to prevent unquoted service path vulnerabilities.

Source

Exploit-DB raw data:

# Exploit Title: WOW21 5.0.1.9 - 'Service WOW21_Service' Unquoted Service Path
# Exploit Author: Antonio Cuomo (arkantolo)
# Exploit Date: 2022-03-09
# Vendor : ilwebmaster21
# Version : WOW21_Service 5.0.1.9
# Vendor Homepage :  https://wow21.life/
# Tested on OS: Windows 10 Pro x64

#PoC :
==============

C:\>sc qc WOW21_Service
[SC] QueryServiceConfig OPERAZIONI RIUSCITE

NOME_SERVIZIO: WOW21_Service
        TIPO                      : 10  WIN32_OWN_PROCESS
        TIPO_AVVIO                : 2   AUTO_START
        CONTROLLO_ERRORE          : 1   NORMAL
        NOME_PERCORSO_BINARIO     : C:\Program Files\WOW21\WOW21_Service.exe
        GRUPPO_ORDINE_CARICAMENTO :
        TAG                       : 0
        NOME_VISUALIZZATO         : WOW21_Service
        DIPENDENZE                :
        SERVICE_START_NAME : LocalSystem