AnyDesk 7.0.15 Unquoted Service Path

2024.04.08
Credit: Milad Karimi
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# Exploit Title: AnyDesk 7.0.15 - Unquoted Service Path Privilege Escalation # Date: 2024-04-01 # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: miladgrayhat@gmail.com # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL # Vendor Homepage: http://anydesk.com # Software Link: http://anydesk.com/download # Version: Software Version 7.0.15 # Tested on: Windows 10 Pro x64 1. Description: The Anydesk installs as a service with an unquoted service path running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. 2. Proof C:\>sc qc anydesk [SC] QueryServiceConfig SUCCESS SERVICE_NAME: anydesk TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : "C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : AnyDesk Service DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem C:\>systeminfo OS Name: Microsoft Windows 10 Pro OS Version: 10.0.19045 N/A Build 19045 OS Manufacturer: Microsoft Corporation


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top