Advanced System Care Service 13 Unquoted Service Path

Advanced System Care Service version 13 suffers from an unquoted service path vulnerability.


MD5 | d4bc265e5db84352221451e0ee1535df

# Title: Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path
# Author: Jair Amezcua
# Date: 2020-11-10
# Vendor Homepage: https://www.iobit.com
# Software Link: https://www.iobit.com/es/advancedsystemcarepro.php
# Version : 13.0.0.157
# Tested on: Windows 10 64bit(EN)
# CVE : N/A

# 1. Description:
# Unquoted service paths in Advanced System Care Service 13 v13.0.0.157 have an unquoted service path.

# PoC
===========

C:\>sc qc AdvancedSystemCareService13
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: AdvancedSystemCareService13
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\Advanced SystemCare Pro\ASCService.exe
LOAD_ORDER_GROUP : System Reserved
TAG : 0
DISPLAY_NAME : Advanced SystemCare Service 13
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem



#Description Exploit:
# A successful attempt would require the local user to be able to insert their code in the system root path
# undetected by the OS or other security applications where it could potentially be executed during
# application startup or reboot. If successful, the local user's code would execute with the elevated
# privileges of the application.

Related Posts