RealTimes Desktop Service 18.1.4 rpdsvc.exe Unquoted Service Path

2020.11.14

Credit: Anonymous

Risk: Low

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# Exploit Title: RealTimes Desktop Service  18.1.4 - 'rpdsvc.exe' Unquoted Service Path
# Discovery by: Erick Galindo 
# Discovery Date: 2020-11-07
# Vendor Homepage: https://www.real.com/
# Tested Version: 18.1.4
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 7 Enterprise  SP1 x64 es
# Step to discover Unquoted Service Path:
 
c:\wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr 
/i /v "C:\Windows\\" | findstr /i /v "RealTimes" | findstr /i /v """

RealTimes Desktop Service          RealTimes Desktop Service           c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe            Auto

# Service info

sc qc "RealTimes Desktop Service"
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: RealTimes Desktop Service
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : RealTimes Desktop Service
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem
		#Exploit:

This vulnerability could permit executing code during startup or reboot with the escalated privileges.

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

RealTimes Desktop Service 18.1.4 rpdsvc.exe Unquoted Service Path

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.