| Title | EasyInventory v1.0.12.0 - Unquoted Service Path |
|---|
| Description | A vulnerability was found in EasyInventory v1.0.12.0 affecting the executable C:\Program Files (x86)\EasyInventory\Easy2W.exe. The vulnerability occurs because the service's path is misconfigured, allowing an attacker to run a malicious file instead of the legitimate executable associated with the service. An attacker with local user privileges could exploit it to replace the legitimate EasyInventory\Easy2W.exe service executable with a malicious file of the same name located in a directory that has a higher priority than the legitimate directory. When the service starts, it then runs the malicious file instead of the legitimate executable, allowing the attacker to execute arbitrary code, gain unauthorized access to the compromised system, or stop the service from functioning. To exploit this vulnerability, an attacker needs local access to the system and the ability to write and replace files on it. The vulnerability can be mitigated by correcting the service path so that the full path of the executable is enclosed in quotation marks. Furthermore, it is recommended that users keep software updated with the latest security updates and limit physical and network access to their systems to prevent malicious attacks.
Using CWE to declare the problem leads to CWE-428.
Vendor: Pointware Informática LTDA
POC:
C:\Users>wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v "C:\Windows\\" | findstr /i /v """
Easy2WSrv Easy2WSrv C:\Program Files (x86)\EasyInventory\Easy2W.exe Auto
C:\Users>sc qc Easy2WSrv
[SC] QueryServiceConfig ÊXITO
NOME_DO_SERVIÇO: Easy2WSrv
TIPO : 10 WIN32_OWN_PROCESS
TIPO_DE_INÍCIO : 2 AUTO_START
CONTROLE_DE_ERRO : 1 NORMAL
NOME_DO_CAMINHO_BINÁRIO : C:\Program Files (x86)\EasyInventory\Easy2W.exe
GRUPO_DE_ORDEM_DE_CARREG. :
MARCA : 0
NOME_PARA_EXIBIÇÃO : Easy2WSrv
DEPENDÊNCIAS :
NOME_DO_INÍCIO_DO_SERVIÇO : LocalSystem
C:\Users>systeminfo
Nome do host: FDLF2276
Nome do sistema operacional: Microsoft Windows 10 Pro
Versão do sistema operacional: 10.0.19045 N/A compilação 19045
Fabricante do sistema operacional: Microsoft Corporation
|
|---|
| User | _Phx (UID 50799) |
|---|
| Submission | 07/14/2023 06:34 PM (3 years ago) |
|---|
| Moderation | 07/22/2023 08:26 AM (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 235193 [Pointware EasyInventory 1.0.12.0 Easy2W.exe privilege escalation] |
|---|
| Points | 17 |
|---|
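
The mitigation named in the description (quoting the full executable path) can be audited and staged across every service on a host. This PowerShell sketch is an added example, not part of the original submission or the vendor's code; the function name `Get-UnquotedServicePathFix` is hypothetical, and it assumes the service binary ends in `.exe`.

```powershell
# Added example: find unquoted service paths (CWE-428) and propose the quoted form.
# Returns $null when the path is already quoted, contains no space in the
# executable portion, or no ".exe" boundary can be identified (assumption).
function Get-UnquotedServicePathFix {
    param([Parameter(Mandatory)][string]$PathName)

    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $null }              # already quoted
    # Executable = shortest prefix ending in ".exe" that is followed by
    # whitespace (arguments) or the end of the string.
    $m = [regex]::Match($p, '^(?<exe>.+?\.exe)(?<args>\s.*)?$', 'IgnoreCase')
    if (-not $m.Success) { return $null }
    $exe = $m.Groups['exe'].Value
    if ($exe -notmatch '\s') { return $null }             # no space, not ambiguous
    return '"{0}"{1}' -f $exe, $m.Groups['args'].Value
}

# Offline check against the path shown in the POC output above.
Get-UnquotedServicePathFix 'C:\Program Files (x86)\EasyInventory\Easy2W.exe'

# Live audit: every installed service, with the account it runs as.
$findings = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName } |
    ForEach-Object {
        $fix = Get-UnquotedServicePathFix -PathName $_.PathName
        if ($fix) {
            [pscustomobject]@{
                Name      = $_.Name
                StartMode = $_.StartMode
                RunsAs    = $_.StartName
                Current   = $_.PathName
                Proposed  = $fix
            }
        }
    }
$findings | Format-List

# Staged remediation: -WhatIf only reports the change. Remove it (elevated
# prompt required) to write the quoted ImagePath, then restart the service.
foreach ($f in $findings) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($f.Name)"
    Set-ItemProperty -Path $key -Name ImagePath -Value $f.Proposed `
        -Type ExpandString -WhatIf
}
```

Review each proposed value before applying it, since a path whose arguments themselves contain `.exe` will not be split correctly by this heuristic.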