CodeMeter 4.50.906.503 Service Trusted Path Privilege Escalation

2014.12.15
Credit: Hadji Samir
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# Exploit Title:CodeMeter 4.50.906.503 Service Trusted Path Privilege Escalation # Date: 07/12/2014 #Author: Hadji Samir s-dz@hotmail.fr #Product web page: http://www.wibu.com/fr/codemeter.html #Affected version: 4.50.906.503 #Tested on: Windows 7 (FR) 'CodeMeter.exe ' CodeMeter represents the basic technology of all protection and licensing solutions from Wibu-Systems. CodeMeter contains a flaw in the 'CodeMeter.exe' file that may reportedly allow gaining access to unauthorized privileges. The issue is due to an unquoted search path, which may allow a local attacker to inject arbitrary code in the root path. C:\Users\samir>sc qc CodeMeter.exe [SC] QueryServiceConfig russite(s) SERVICE_NAME: CodeMeter.exe TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : CodeMeter Runtime Server DEPENDENCIES : Tcpip : Winmgmt SERVICE_START_NAME : LocalSystem C:\Users\samir>icacls "C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe AUTORITE NT\Système:(I)(F) BUILTIN\Administrateurs:(I)(F) BUILTIN\Utilisateurs:(I)(RX) 1 fichiers correctement traits ; chec du traitement de 0 fichiers

References:

http://cxsecurity.com/issue/WLB-2014110167


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top