Filmora 12 Build 1.0.0.7 Unquoted Service Path

2023.05.20
Credit: Thurein Soe
Risk: Low
Local: Yes
Remote: No
CWE: CWE-428

Vendor Name: Filmora Product Name: Filmora 12 version ( Build 1.0.0.7 ) Vendor Home Page: https://filmora.wondershare.com/ Affected Version(s): Filmora 12 version (Build 12.2.1.2088) Vulnerability Type: Unquoted Service Path Vulnerability (CWE-428) CVE Reference: CVE-2023-31747 Security Researcher: Thurein Soe Vulnerability description: Filmora is professional video editing software. Wondershare NativePush Build 1.0.0.7 was part of Filmora 12 (Build 12.2.1.2088) Wondershare NativePush Build 1.0.0.7 was installed while Filmora 12 was installed. The service name "NativePushService" was vulnerable to unquoted service paths vulnerability which led to full local privilege escalation in the affected system as the service "NativePushService" was running as a system privilege. Effectively, the local user is able to elevate to local admin. C:\>sc qc NativePushService [SC] QueryServiceConfig SUCCESS SERVICE_NAME: NativePushService TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Users\HninKayThayar\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Wondershare Native Push Service DEPENDENCIES : SERVICE_START_NAME : LocalSystem C:\>cacls "C:\Users\HninKayThayar\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe" C:\Users\HninKayThayar\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe BUILTIN\Users:(ID)F NT AUTHORITY\SYSTEM:(ID)F BUILTIN\Administrators:(ID)F HNINKAYTHAYAR\HninKayThayar:(ID)F


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top