2

[local] HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path

 1 year ago
source link: https://www.exploit-db.com/exploits/51206
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path

EDB-ID:

51206

EDB Verified:

Exploit:

  /  

Platform:

Windows

Date:

2023-04-03

Vulnerable App:

# Exploit Title: HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path
# Date: 2023/01/17
# Exploit Author : Wim Jaap van Vliet
# Vendor Homepage: www.clevo.com.tw
# Software Link: https://enstrong.blob.core.windows.net/en-driver/PDXXPNX1/Others/CC30_1006.zip
# Version:  2.1.0.6
# Tested on: Windows 11 Pro 10.0.22000

# Exploit
The Hotkey Clipboard Service 'HKClipSvc', installed as part of Control Center3.0 v3.97 (and earlier versions) by Clevo has a unquoted service path.
This software package is usually installed on Clevo laptops (or other brands using Clevo barebones) as a driver.
This could potentially allow an authorized but non-privileged local user to execute arbitrary code with system privileges on the system.

# Information
 
C:\>sc qc "HKClipSvc"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: HKClipSvc
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\ControlCenter\Driver\x64\HKClipSvc.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : HotKey Clipboard Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK