bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2024-07-17

Browse source 
2 changes to exploits/shellcodes/ghdb

Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation
This commit is contained in:
Exploit-DB 2024-07-17 00:16:34 +00:00
parent 388e822220
commit c27f5a1741
2 changed files with 35 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
exploits/windows/local/52061.txt Normal file
View file

@ -0,0 +1,34 @@
# Exploit Title: Bonjour Service - 'mDNSResponder.exe' Unquoted Service
Path
# Discovery by: bios
# Discovery Date: 2024-15-07
# Vendor Homepage: https://developer.apple.com/bonjour/
# Tested Version: 3,0,0,10
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Microsoft Windows 10 Home
# Step to discover Unquoted Service Path:
C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto"
|findstr /i /v "c:\windows\\" |findstr /i /v """
Bonjour Service
Bonjour Service
C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
Auto
C:\>systeminfo
Host Name: DESKTOP-HFBJOBG
OS Name: Microsoft Windows 10 Home
OS Version: 10.0.19045 N/A Build 19045
PS C:\Program Files\Blizzard\Bonjour Service> powershell -command
"(Get-Command .\mDNSResponder.exe).FileVersionInfo.FileVersion"
>>
3,0,0,10
#Exploit:
There is an Unquoted Service Path in Bonjour Services (mDNSResponder.exe) .
This may allow an authorized local user to insert arbitrary code into the
unquoted service path and escalate privileges.

1
files_exploits.csv
View file

@ -39906,6 +39906,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
50761,exploits/windows/local/50761.txt,"Bluetooth Application 5.4.277 - 'BlueSoleilCS' Unquoted Service Path",2022-02-18,SamAlucard,local,windows,,2022-02-18,2022-02-18,0,,,,,,
35714,exploits/windows/local/35714.pl,"BlueVoda Website Builder 11 - '.bvp' Local Stack Buffer Overflow",2011-05-09,KedAns-Dz,local,windows,,2011-05-09,2015-01-07,1,,,,,,https://www.securityfocus.com/bid/47753/info
25883,exploits/windows/local/25883.txt,"BOINC Manager (Seti@home) 7.0.64 - Field Buffer Overflow (SEH)",2013-06-02,xis_one,local,windows,,2013-06-02,2013-06-02,1,OSVDB-94099,,,,,
52061,exploits/windows/local/52061.txt,"Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation",2024-07-16,bios,local,windows,,2024-07-16,2024-07-16,0,,,,,,
49851,exploits/windows/local/49851.txt,"BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path",2021-05-10,"Erick Galindo",local,windows,,2021-05-10,2021-05-10,0,,,,,http://www.exploit-db.combootpt_demo_x64.exe,
48078,exploits/windows/local/48078.txt,"BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path",2020-02-17,boku,local,windows,,2020-02-17,2020-02-17,0,,,,,http://www.exploit-db.combootpt_demo_IA32.exe,
49089,exploits/windows/local/49089.py,"Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH)",2020-11-23,"Luis Martínez",local,windows,,2020-11-23,2020-11-23,1,,,,,,

Can't render this file because it is too large.