Atomic Alarm Clock 6.3 Unquoted Service Path

2020-04-22 / 2020-04-21
Credit: Bobby Cooke
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

#Exploit Title: Atomic Alarm Clock (x86) - Local Privilege Escalation #Exploit Author: Bobby Cooke #Date: 04/17/2020 #Vendor Homepage: http://www.drive-software.com #Software Link: http://www.drive-software.com/download/ataclock.exe #Version: 6.3 #Tested On: Windows 10 Pro 1909 (32-bit) #Vulnerability Type: Local Privilege Escalation by unquoted service path owned by 'LocalSystem'. #Vulnerability Description: The Atomic Alarm Clock service "timeserv.exe" will load an arbitrary EXE and execute it with SYSTEM integrity. This security misconfiguration by the vendor can be exploited locally or as part of an attack chain. By placing a file named "Program.exe" on the root drive, an attacker can obtain persistent arbitrary code execution. Under normal environmental conditions, this exploit ensures escalation of privileges from Admin to SYSTEM. C:\Users\boku>sc qc AtomicAlarmClock [SC] QueryServiceConfig SUCCESS SERVICE_NAME: AtomicAlarmClock TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Program Files\Atomic Alarm Clock\timeserv.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Atomic Alarm Clock Time DEPENDENCIES : SERVICE_START_NAME : LocalSystem


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top