{"id":58717,"date":"2024-08-08T20:39:58","date_gmt":"2024-08-08T17:39:58","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/179983\/wfc6110-unquotedpath.txt"},"modified":"2024-08-08T20:39:58","modified_gmt":"2024-08-08T17:39:58","slug":"windows-firewall-control-6-11-0-unquoted-service-path","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/windows-firewall-control-6-11-0-unquoted-service-path\/","title":{"rendered":"Windows Firewall Control 6.11.0 Unquoted Service Path"},"content":{"rendered":"<p># Exploit Title: Microsoft Windows Firewall Control 6.11.0 &#8211; Unquoted<br \/>Service Path<br \/># Date: 2024-08-06<br \/># Exploit Author: Milad Karimi (Ex3ptionaL)<br \/># Contact: miladgrayhat@gmail.com<br \/># Zone-H: www.zone-h.org\/archive\/notifier=Ex3ptionaL<br \/># MiRROR-H: https:\/\/mirror-h.org\/search\/hacker\/49626\/<br \/># Vendor Homepage: http:\/\/www.binisoft.org<br \/># Software Link: http:\/\/www.binisoft.org<br \/># Version: 6.11.0<br \/># Tested on: Windows 10 Pro x64<\/p>\n<p>1. Description:<\/p>\n<p>Windows Firewall Control lacks of the quotes in filepath, causing it to be<br \/>a potential vector of privilege escalation attack.<br \/>To properly exploit this vulnerability, the local attacker must insert an<br \/>executable file in the path of the service. Upon service restart or system<br \/>reboot, the malicious code will be run with elevated privileges.<\/p>\n<p>2. POC<\/p>\n<p>C:\\&gt;sc qc &#8220;wfcs&#8221;<br \/>[SC] QueryServiceConfig SUCCESS<\/p>\n<p>SERVICE_NAME: wfcs<br \/>TYPE : 10 WIN32_OWN_PROCESS<br \/>START_TYPE : 2 AUTO_START<br \/>ERROR_CONTROL : 1 NORMAL<br \/>BINARY_PATH_NAME : &#8220;C:\\Program Files\\Windows Firewall<br \/>Control\\wfcs.exe&#8221;<br \/>LOAD_ORDER_GROUP :<br \/>TAG : 0<br \/>DISPLAY_NAME : Windows Firewall Control<br \/>DEPENDENCIES : MpsSvc<br \/>SERVICE_START_NAME : LocalSystem<\/p>\n<p>C:\\&gt;systeminfo<\/p>\n<p>OS Name: Microsoft Windows 10 Pro<br \/>OS Version: 10.0.19045 N\/A Build 19045<br \/>OS Manufacturer: Microsoft Corporation<\/p>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: Microsoft Windows Firewall Control 6.11.0 &#8211; UnquotedService Path# Date: 2024-08-06# Exploit Author: Milad Karimi (Ex3ptionaL)# Contact: miladgrayhat@gmail.com# Zone-H: www.zone-h.org\/archive\/notifier=Ex3ptionaL# MiRROR-H: https:\/\/mirror-h.org\/search\/hacker\/49626\/# Vendor Homepage: http:\/\/www.binisoft.org# Software Link: http:\/\/www.binisoft.org# Version: 6.11.0# Tested on: Windows 10 Pro x64 1. Description: Windows Firewall Control lacks of the quotes in filepath, causing it to bea potential vector &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-58717","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=58717"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58717\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=58717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=58717"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=58717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}