Bonjour Service mDNSResponder.exe Unquoted Service Path Privilege Escalation

2024.07.17
Credit: bios
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

# Exploit Title: Bonjour Service - 'mDNSResponder.exe' Unquoted Service Path # Discovery by: bios # Discovery Date: 2024-15-07 # Vendor Homepage: https://developer.apple.com/bonjour/ # Tested Version: 3,0,0,10 # Vulnerability Type: Unquoted Service Path # Tested on OS: Microsoft Windows 10 Home # Step to discover Unquoted Service Path: C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """ Bonjour Service Bonjour Service C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe Auto C:\>systeminfo Host Name: DESKTOP-HFBJOBG OS Name: Microsoft Windows 10 Home OS Version: 10.0.19045 N/A Build 19045 PS C:\Program Files\Blizzard\Bonjour Service> powershell -command "(Get-Command .\mDNSResponder.exe).FileVersionInfo.FileVersion" >> 3,0,0,10 #Exploit: There is an Unquoted Service Path in Bonjour Services (mDNSResponder.exe) . This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top