AnyDesk 7.0.15 Unquoted Service Path
2024-4-8 21:51:28 Author: packetstormsecurity.com(查看原文) 阅读量:1 收藏

# Exploit Title: AnyDesk 7.0.15 - Unquoted Service Path Privilege
Escalation
# Date: 2024-04-01
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Contact: [email protected]
# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
# Vendor Homepage: http://anydesk.com
# Software Link: http://anydesk.com/download
# Version: Software Version 7.0.15
# Tested on: Windows 10 Pro x64

1. Description:

The Anydesk installs as a service with an unquoted service path running
with SYSTEM privileges.
This could potentially allow an authorized but non-privileged local
user to execute arbitrary code with elevated privileges on the system.

2. Proof

C:\>sc qc anydesk
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: anydesk
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files (x86)\AnyDesk\AnyDesk.exe"
--service
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : AnyDesk Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

C:\>systeminfo

OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.19045 N/A Build 19045
OS Manufacturer: Microsoft Corporation


文章来源: https://packetstormsecurity.com/files/177977/anydesk7015-unquotedpath.txt
如有侵权请联系:admin#unsafe.sh