{"id":56529,"date":"2024-04-29T20:19:55","date_gmt":"2024-04-29T16:19:55","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/178294\/esetnod32av171110-unquotedpath.txt"},"modified":"2024-04-29T20:19:55","modified_gmt":"2024-04-29T16:19:55","slug":"eset-nod32-antivirus-17-1-11-0-unquoted-service-path","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/eset-nod32-antivirus-17-1-11-0-unquoted-service-path\/","title":{"rendered":"ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path"},"content":{"rendered":"<p># Exploit Title: ESET NOD32 Antivirus 17.1.11.0 &#8211; Unquoted Service Path<br \/># Exploit Author: Milad Karimi (Ex3ptionaL)<br \/># Exploit Date: 2024-04-27<br \/># Contact: miladgrayhat@gmail.com<br \/># Zone-H: www.zone-h.org\/archive\/notifier=Ex3ptionaL<br \/># Vendor : https:\/\/www.eset.com<br \/># Version : 17.1.11.0<br \/># Tested on OS: Microsoft Windows 10 pro x64<\/p>\n<p>About Unquoted Service Path :<br \/>==============================<\/p>\n<p>When a service is created whose executable path contains spaces and isn&#8217;t<br \/>enclosed within quotes, leads to a vulnerability known as Unquoted Service<br \/>Path which allows a user to gain SYSTEM privileges.<br \/>(only if the vulnerable service is running with SYSTEM privilege level<br \/>which most of the time it is).<\/p>\n<p>C:\\&gt;wmic service get name,displayname,pathname,startmode |findstr \/i &#8220;auto&#8221;<br \/>|findstr \/i \/v &#8220;c:\\windows\\\\&#8221; |findstr \/i \/v &#8220;&#8221;&#8221;<\/p>\n<p>ESET Updater ESETServiceSvc C:\\Program Files (x86)\\ESET\\ESET<br \/>Security\\ekrn.exe<\/p>\n<p>C:\\&gt;sc qc ekrn<br \/>[SC] QueryServiceConfig SUCCESS<\/p>\n<p>SERVICE_NAME: ekrn<br \/>TYPE : 20 WIN32_SHARE_PROCESS<br \/>START_TYPE : 2 AUTO_START<br \/>ERROR_CONTROL : 1 NORMAL<br \/>BINARY_PATH_NAME : &#8220;C:\\Program Files\\ESET\\ESET Security\\ekrn.exe&#8221;<br \/>LOAD_ORDER_GROUP : Base<br \/>TAG : 0<br \/>DISPLAY_NAME : ESET Service<br \/>DEPENDENCIES :<br \/>SERVICE_START_NAME : LocalSystem<\/p>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: ESET NOD32 Antivirus 17.1.11.0 &#8211; Unquoted Service Path# Exploit Author: Milad Karimi (Ex3ptionaL)# Exploit Date: 2024-04-27# Contact: miladgrayhat@gmail.com# Zone-H: www.zone-h.org\/archive\/notifier=Ex3ptionaL# Vendor : https:\/\/www.eset.com# Version : 17.1.11.0# Tested on OS: Microsoft Windows 10 pro x64 About Unquoted Service Path :============================== When a service is created whose executable path contains spaces and isn&#8217;tenclosed within &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56529","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56529"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56529\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56529"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56529"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}