| Title | Topaz OFD - Warsaw Technology v2.11.0.201 - Unquoted Path |
|---|
| Description | # Vendor Homepage: https://www.topazevolution.com/
# File Description: Topaz OFD - Protection Module
# Product Name: Topaz OFD - Protection
# Service: Warsaw Technology
# Filename: core.exe
# Version: x.x.x.x
# Tested on: Windows Server 2012 R2
Summary:
================
An unquoted service path vulnerability has been discovered in Topaz OFD - Protection Module Warsaw v2.11.0.201 affecting the executable "C:\Program Files\Topaz OFD\Warsaw\core.exe".
This vulnerability occurs when the service's path is misconfigured, allowing an attacker to run a malicious file instead of the legitimate executable associated with the service.
An attacker with local user privileges could exploit this vulnerability to replace the legitimate \Topaz OFD\Warsaw\core.exe service executable with a
malicious file of the same name located in a directory that has a higher priority than the legitimate directory. That way, when the service
starts, it will run the malicious file instead of the legitimate executable, allowing the attacker to execute arbitrary code, gain
unauthorized access to the compromised system, or stop the service from functioning.
To exploit this vulnerability, an attacker would need local access to the system and the ability to write and replace files on the system.
The vulnerability can be mitigated by correcting the service path so that the full path of the executable is enclosed in quotation marks.
Furthermore, it is recommended that users keep software updated with the latest security updates and limit physical and network access to their
systems to prevent malicious attacks.
POC:
C:\>sc qc "Warsaw Technology"
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Warsaw Technology
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Topaz OFD\Warsaw\core.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Warsaw Technology
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem |
|---|
| User | _Phx (UID 50799) |
|---|
| Submission | 09/06/2023 02:21 (3 years ago) |
|---|
| Moderation | 09/16/2023 08:31 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 239853 [Topaz OFD 2.11.0.201 Protection Module Warsaw core.exe unquoted search path] |
|---|
| Points | 17 |
|---|
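
An audit check for the condition reported above, as an added example that is not part of the original submission or of the vendor's software: it parses `sc qc` output, flags an unquoted `BINARY_PATH_NAME` that contains spaces, lists the earlier paths Windows would try so they can be verified as absent and not writable by non-administrators, and produces the quoted value the mitigation calls for. The function names are hypothetical and the sample input is constructed from the fields shown in the POC.

```python
import re

# Constructed sample: the relevant `sc qc` fields from the submission above.
SC_QC_OUTPUT = r"""
SERVICE_NAME: Warsaw Technology
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files\Topaz OFD\Warsaw\core.exe
        SERVICE_START_NAME : LocalSystem
"""

def binary_path(sc_output):
    """Return the raw BINARY_PATH_NAME value from `sc qc` output, or None."""
    m = re.search(r"^\s*BINARY_PATH_NAME\s*:\s*(.*?)\s*$", sc_output, re.M)
    return m.group(1) if m else None

def split_exe(path):
    """Split an unquoted path into (executable, arguments) at the first .exe."""
    m = re.match(r"(?i)(.*?\.exe)(?=\s|$)(.*)", path)
    return (m.group(1), m.group(2).strip()) if m else (path, "")

def is_unquoted(path):
    """True when the executable part has a space and is not wrapped in quotes."""
    if path.startswith('"'):
        return False
    return " " in split_exe(path)[0]

def earlier_candidates(path):
    """Paths Windows tries before the real executable when the value is unquoted.
    An audit should confirm none exist and their parent folders are admin-only."""
    exe = split_exe(path)[0]
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def quoted_fix(path):
    """Corrected value: executable in double quotes, arguments preserved."""
    exe, args = split_exe(path)
    return f'"{exe}"' + (f" {args}" if args else "")

def audit(sc_output):
    """Return a finding dict for an unquoted path with spaces, else None."""
    path = binary_path(sc_output)
    if path is None or not is_unquoted(path):
        return None
    return {"path": path, "check": earlier_candidates(path), "fix": quoted_fix(path)}

if __name__ == "__main__":
    print(audit(SC_QC_OUTPUT))
```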