Logitech Solar Keyboard Service – ‘L4301_Solar’ Unquoted Service Path

• Exploit Database
• 118 阅读

• 作者： Jair Amezcua
  日期： 2020-11-16
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/49050/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

  # Title: Logitech Solar Keyboard Service - 'L4301_Solar' Unquoted Service Path # Author: Jair Amezcua # Date: 2020-11-10 # Vendor Homepage: https://www.logitech.com/es-mx # Software Link: https://support.logi.com/hc/en-us/articles/360024692874--Downloads-Wireless-Solar-Keyboard-K750 # Version : 1.10.3.0 # Tested on: Windows 10 64bit(EN) # CVE : N/A   # 1. Description: # Unquoted service paths in Logitech Solar Keyboard Servicev1.10.3.0 have an unquoted service path.   # PoC ===========   C:\>sc qc L4301_Solar [SC] QueryServiceConfig SUCCESS SERVICE_NAME: L4301_Solar TYPE : 10WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL: 1 NORMAL BINARY_PATH_NAME : C:\Program Files\Logitech\SolarApp\L4301_Solar.exe LOAD_ORDER_GROUP : PlugPlay TAG: 0 DISPLAY_NAME : Logitech Solar Keyboard Service DEPENDENCIES : PlugPlay SERVICE_START_NAME : LocalSystem     #Description Exploit: # A successful attempt would require the local user to be able to insert their code in the system root path # undetected by the OS or other security applications where it could potentially be executed during # application startup or reboot. If successful, the local user's code would execute with the elevated # privileges of the application.