Cain and Abel version 4.9.56 suffers from an unquoted service path vulnerability.
b85616cd8215aaedbc05f11ac0dc320e# Exploit Title: Cain & Abel 4.9.56 - Unquoted Service Path
# Exploit Author: Aryan Chehreghani
# Date: 2022-02-08
# Software Link: https://www.malavida.com/en/soft/cain-and-abel
# Version: 4.9.56
# Tested on: Windows 10 x64
# PoC
SERVICE_NAME: Abel
TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\Cain\Abel64.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Abel
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem