HTCSyncManager 3.1.33.0 Service Trusted Path Privilege Escalation

2014.12.15
Credit: Hadji Samir
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# Exploit Title: HTCSyncManager 3.1.33.0 (HSMServiceEntry.exe) Service Trusted Path Privilege Escalation # Date: 12/12/2014 #Author: Hadji Samir s-dz@hotmail.fr #Product web page: http://www.htc.com/fr/software/htc-sync-manager/ #Affected version: 3.1.33.0 #Tested on: Windows 7 (FR) HTC Synchronisation manager for devices HTC Vulnerability Details There are weak permissions for 'HTCSyncManager'default installation where everyone is allowed to change the HSMServiceEntry.exe with an executable of their choice. When the service restarts or the system reboots the attacker payload will execute on the system with SYSTEM privileges. C:\Users\samir>sc qc HTCMonitorService [SC] QueryServiceConfig russite(s) SERVICE_NAME: HTCMonitorService TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : "C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe" LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : HTCMonitorService DEPENDENCIES : SERVICE_START_NAME : LocalSystem C:\Users\samir>icacls "C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe" C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe AUTORITE NT\Système:(I)(F) BUILTIN\Administrateurs:(I)(F) BUILTIN\Utilisateurs:(I)(RX) 1 fichiers correctement traits ; chec du traitement de 0 fichiers

References:

http://www.htc.com/fr/software/htc-sync-manager/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top