# Exploit Title: Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path # Date: 2019-11-04 # Exploit Author: Samuel DiazL # Vendor Homepage: https://www.network-inventory-advisor.com/ # Software Link: https://www.network-inventory-advisor.com/download.html # Version: 5.0.26.0 # Tested on: Microsoft Windows 10 Enterprise x64 ESP # CVE: N/A # Description: # Network Inventory Advisor installs niaservice as a service with an unquoted service path C:\Users\SD502812>sc qc niaservice [SC] QueryServiceConfig CORRECTO NOMBRE_SERVICIO: niaservice TIPO : 10 WIN32_OWN_PROCESS TIPO_INICIO : 2 AUTO_START CONTROL_ERROR : 0 IGNORE NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\ClearApps\Network Inventory Advisor\niaservice.exe GRUPO_ORDEN_CARGA : ETIQUETA : 0 NOMBRE_MOSTRAR : Network Inventory Advisor Service by ClearApps Software DEPENDENCIAS : NOMBRE_INICIO_SERVICIO: LocalSystem