Invia #147791: FPSensor 1.0.0.1 - Unquoted Service Pathinformazioni

Titolo	FPSensor 1.0.0.1 - Unquoted Service Path
Descrizione	# Exploit Title: FPSensor x.x.x.x - Unquoted Service Path # Date: 2023-04-23 # Exploit Author: MrEmpy # Version: x.x.x.x # Tested on: Windows 10 21H2 Title: ================ FPSensor x.x.x.x - Unquoted Service Path Summary: ================ A vulnerability was found in FPSensor product version x.x.x.x that affects the executable "C:\Program Files (x86)\FPSensor\bin\DpHost.exe". This vulnerability relates to the unquoted service path attack technique, which occurs when the path to a service executable is not properly quoted, allowing an attacker to execute a malicious file instead of the legitimate file associated with the service. service. The vulnerability in FPSensor could allow an attacker with local user privileges to run a malicious file, such as malware or attack code, instead of the legitimate executable associated with the DpHost.exe service. This could allow the attacker to gain full control over the compromised system, steal confidential information, perform malicious actions or disrupt service operation. To exploit this vulnerability, an attacker would need to have local user-level access to the system and create a malicious file with the same name as the legitimate executable that is not correctly referenced in the service path. For example, the attacker could create a malicious file called "DpHost.exe" and place it in a directory with a higher priority than the legitimate directory of the executable. Proof of Concept: ================ C:\>sc qc DpHost [SC] QueryServiceConfig SUCCESS SERVICE_NAME: DpHost TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Program Files (x86)\FPSensor\bin\DpHost.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : User Authentication Manager DEPENDENCIES : RPCSS : LanmanWorkstation SERVICE_START_NAME : LocalSystem
Fonte	⚠️ .
Utente	mrempy (UID 24379)
Sottomissione	24/04/2023 02:10 (3 anni fa)
Moderazione	11/05/2023 07:22 (17 days later)
Stato	Accettato
Voce VulDB	228773 [DigitalPersona FPSensor 1.0.0.1 DpHost.exe escalationi di privilegi]
Punti	17

◂ Precedente Visione D'ensemble Il prossimo ▸

Do you know our Splunk app?

Download it now for free!