2

[local] AnyDesk 7.0.15 - Unquoted Service Path

 2 weeks ago
source link: https://www.exploit-db.com/exploits/51968
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

AnyDesk 7.0.15 - Unquoted Service Path

EDB-ID:

51968

EDB Verified:

Exploit:

  /  

Platform:

Windows

Date:

2024-04-08

Vulnerable App:

# Exploit Title: AnyDesk 7.0.15 - Unquoted Service Path
# Date: 2024-04-01
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Contact: [email protected]
# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
# Vendor Homepage: http://anydesk.com
# Software Link: http://anydesk.com/download
# Version: Software Version 7.0.15
# Tested on: Windows 10 Pro x64

1. Description:

The Anydesk installs as a service with an unquoted service path running
with SYSTEM privileges.
This could potentially allow an authorized but non-privileged local
user to execute arbitrary code with elevated privileges on the system.

2. Proof

C:\>sc qc anydesk
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: anydesk
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\Program Files (x86)\AnyDesk\AnyDesk.exe"
--service
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : AnyDesk Service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem


C:\>systeminfo

OS Name:  Microsoft Windows 10 Pro
OS Version: 10.0.19045 N/A Build 19045
OS Manufacturer: Microsoft Corporation

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK