Submit #147791: FPSensor 1.0.0.1 - Unquoted Service Pathinfo

TitleFPSensor 1.0.0.1 - Unquoted Service Path
Description# Exploit Title: FPSensor x.x.x.x - Unquoted Service Path # Date: 2023-04-23 # Exploit Author: MrEmpy # Version: x.x.x.x # Tested on: Windows 10 21H2 Title: ================ FPSensor x.x.x.x - Unquoted Service Path Summary: ================ A vulnerability was found in FPSensor product version x.x.x.x that affects the executable "C:\Program Files (x86)\FPSensor\bin\DpHost.exe". This vulnerability relates to the unquoted service path attack technique, which occurs when the path to a service executable is not properly quoted, allowing an attacker to execute a malicious file instead of the legitimate file associated with the service. service. The vulnerability in FPSensor could allow an attacker with local user privileges to run a malicious file, such as malware or attack code, instead of the legitimate executable associated with the DpHost.exe service. This could allow the attacker to gain full control over the compromised system, steal confidential information, perform malicious actions or disrupt service operation. To exploit this vulnerability, an attacker would need to have local user-level access to the system and create a malicious file with the same name as the legitimate executable that is not correctly referenced in the service path. For example, the attacker could create a malicious file called "DpHost.exe" and place it in a directory with a higher priority than the legitimate directory of the executable. Proof of Concept: ================ C:\>sc qc DpHost [SC] QueryServiceConfig SUCCESS SERVICE_NAME: DpHost TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Program Files (x86)\FPSensor\bin\DpHost.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : User Authentication Manager DEPENDENCIES : RPCSS : LanmanWorkstation SERVICE_START_NAME : LocalSystem
Source⚠️ .
User
 mrempy (UID 24379)
Submission04/24/2023 02:10 (3 years ago)
Moderation05/11/2023 07:22 (17 days later)
StatusAccepted
VulDB entry228773 [DigitalPersona FPSensor 1.0.0.1 DpHost.exe unquoted search path]
Points17

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!