| Title | Lodop Web Printing Service C-Lodop 6.611 Unquoted Search Path |
|---|
| Description | ### Vulnerability Type
Unquoted Service Path Leading to Local Privilege Escalation
### Affected Scope
Web Printing Service C-Lodop
### Vulnerable Service
C-Lodop Cloud Printing "No Login" Startup Service
### Affected Versions
C-Lodop <= 6.611
### Severity Level
Medium to High
### Description
Because the binary path of the service "CLodopPrintService" is not enclosed in quotation marks, the operating system splits the path at each space and executes the first matching executable it finds. If an attacker can gain write access to the C drive and CLodopPrintService runs with SYSTEM privileges, this could lead to local privilege escalation.
### Official Solution
After testing, it has been confirmed that the issue has been fixed. The vendor has released a patch (x.x.x.x).
### Vendor Website
[https://www.lodop.net/index.html](https://www.lodop.net/index.html)
### C-Lodop Version Change Log
[https://www.lodop.net/c-lodopsteprec.html](https://www.lodop.net/c-lodopsteprec.html)
```
Section x.x.x.x "修正:增加CLodopPrintService二进制路径引用,封堵诱发本地提权安全漏洞;"
In English: "Fix: Added quotation marks to the CLodopPrintService binary path to mitigate the local privilege escalation vulnerability."
```
The Mega link includes:
- The vulnerability report (markdown format): Clodop_vulnerability_LPE-202501.md (included email loop translation)
- The PoC video: 2025-01-09-Clodop_uqs_lpe_PoC.mkv
- Report images: img/*.png
- Email loop with vendor confirmation |
|---|
| Source | ⚠️ https://mega.nz/folder/A5lQQKpL#AF3WPzST3X1Ot6B6fs3bow |
|---|
| User | NightsedgeV (UID 84773) |
|---|
| Submitted | 2025-04-28 19:16 (1 year ago) |
|---|
| Moderation | 2025-05-10 15:04 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 308285 [MTSoftware C-Lodop 6.6.1.1 on Windows CLodopPrintService privilege escalation] |
|---|
| Points | 20 |
|---|
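The path resolution described in the Description above can be audited offline. This added example is not part of the original submission or the vendor's code: it flags unquoted service `ImagePath` values, lists the locations Windows resolves before the intended binary so their write permissions can be reviewed, and produces the quoted form the vendor's fix describes. The service names and paths are constructed placeholders, not C-Lodop's real install path.

```python
import ntpath
import re

# Constructed sample ImagePath values (placeholders, not taken from C-Lodop).
SAMPLE_SERVICES = {
    "ExampleSvcA": r"C:\Program Files (x86)\Example Vendor\Print Service\svc.exe -run",
    "ExampleSvcB": r'"C:\Program Files\Example Vendor\svc.exe" -run',
    "ExampleSvcC": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

def split_image_path(image_path):
    """Split an unquoted ImagePath into (executable, arguments)."""
    m = re.match(r"^(.*?\.exe)(?:\s+(.*))?$", image_path.strip(), re.IGNORECASE)
    if not m:
        return image_path.strip(), ""
    return m.group(1), m.group(2) or ""

def earlier_candidates(image_path):
    """Paths Windows tries before the intended binary; empty if the path is safe."""
    path = image_path.strip()
    if path.startswith('"'):
        return []  # quoted: resolved exactly as written
    exe, _ = split_image_path(path)
    # Every space is a possible end of the program name; ".exe" is appended.
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def quoted(image_path):
    """Return the ImagePath with the executable wrapped in quotation marks."""
    exe, args = split_image_path(image_path.strip())
    return f'"{exe}" {args}'.rstrip()

def audit(services):
    """Map each unquoted, space-containing service path to its review data."""
    findings = {}
    for name, image_path in services.items():
        cands = earlier_candidates(image_path)
        if cands:
            findings[name] = {
                "candidates": cands,
                "dirs_to_review": sorted({ntpath.dirname(c) for c in cands}),
                "fixed_image_path": quoted(image_path),
            }
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_SERVICES).items():
        print(name, finding)
```

Each directory in `dirs_to_review` should be writable only by administrators; on a real host the `ImagePath` values come from the service configuration rather than the constructed dictionary used here.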