| Title | Lodop Web Printing Service C-Lodop 6.611 Unquoted Search Path |
|---|
| Description | ### Vulnerability Type
Unquoted Service Path Leading to Local Privilege Escalation
### Affected Scope
Web Printing Service C-Lodop
### Vulnerable Service
C-Lodop Cloud Printing "No Login" Startup Service
### Affected Versions
C-Lodop <= 6.611
### Severity Level
Medium to High
### Description:
Because the binary path of the service "CLodopPrintService" is not enclosed in quotation marks, Windows splits the path at each space and executes the first matching executable it finds, which may not be the intended service binary. If an attacker can gain write access to the C drive and CLodopPrintService runs with system privileges, this can lead to local privilege escalation.
### Official Solution
After testing, it has been confirmed that the issue has been fixed. The vendor has released a patch (x.x.x.x).
### Vendor Website
[https://www.lodop.net/index.html](https://www.lodop.net/index.html)
### C-Lodop Version Change Log
[https://www.lodop.net/c-lodopsteprec.html](https://www.lodop.net/c-lodopsteprec.html)
```
Section x.x.x.x "修正:增加CLodopPrintService二进制路径引用,封堵诱发本地提权安全漏洞;"
In English: "Fix: Added quotation marks to the CLodopPrintService binary path to mitigate the local privilege escalation vulnerability."
```
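As an added example (not part of the original submission and not vendor code), the following Python code implements the check behind the description and the changelog fix above: it flags service ImagePath values whose executable path contains spaces but is not quoted, lists the earlier locations Windows would try so their write permissions can be reviewed, and produces the quoted form. The service names and paths are constructed samples, since the page does not give C-Lodop's install path.

```python
import re

# Constructed sample ImagePath values; C-Lodop's real install path is not
# given on the page, so these names and paths are placeholders.
SAMPLE_SERVICES = {
    "ExampleUnquoted": r"C:\Program Files\Example Vendor\Print Service\svc.exe -run",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\Print Service\svc.exe" -run',
    "ExampleNoSpace": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "ExampleDriver": r"\SystemRoot\System32\drivers\example.sys",
}

_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def executable_part(image_path):
    """Return the text up to the end of the first '.exe' token, or None."""
    m = _EXE_END.search(image_path)
    return image_path[:m.end()] if m else None

def is_unquoted_with_spaces(image_path):
    """True when the executable path contains a space and is not quoted."""
    path = image_path.strip()
    if path.startswith('"'):
        return False
    exe = executable_part(path)
    return exe is not None and " " in exe

def candidate_locations(image_path):
    """Locations Windows tries, in order, before the intended binary."""
    exe = executable_part(image_path.strip())
    if exe is None:
        return []
    parts = exe.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]

def quoted_fix(image_path):
    """Return the ImagePath with the executable quoted and arguments kept."""
    path = image_path.strip()
    exe = executable_part(path)
    return '"' + exe + '"' + path[len(exe):]

def audit(services):
    """Map each flagged service name to the locations whose ACLs need review."""
    return {name: candidate_locations(p)
            for name, p in services.items() if is_unquoted_with_spaces(p)}

if __name__ == "__main__":
    for name, locations in audit(SAMPLE_SERVICES).items():
        print(name, locations, quoted_fix(SAMPLE_SERVICES[name]))
```

On a live host the same functions can be fed the `ImagePath` values read from each service's registry key instead of the sample dictionary.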
The mega link included:
- The vulnerability report (markdown format): Clodop_vulnerability_LPE-202501.md (included email loop translation)
- The PoC video: 2025-01-09-Clodop_uqs_lpe_PoC.mkv
- Report images: img/*.png
- Email loop with vendor confirmation |
|---|
| Source | ⚠️ https://mega.nz/folder/A5lQQKpL#AF3WPzST3X1Ot6B6fs3bow |
|---|
| User | NightsedgeV (UID 84773) |
|---|
| Submission | 2025-04-28 19:16 (1 year ago) |
|---|
| Moderation | 2025-05-10 15:04 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 308285 [MTSoftware C-Lodop 6.6.1.1 on Windows CLodopPrintService privilege escalation] |
|---|
| Points | 20 |
|---|