Lavasoft 2.3.4.7 lavasofttcpservice unquoted service path Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2019-10-16 | Type : local | Platform : windows


[+] Code ...

# Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path
# Author: Luis MedinaL
# Date: 2019-10-15
# Vendor Homepage: https://www.adaware.com/
# Software Link : https://www.adaware.com/antivirus
# Version : 2.3.4.7
# Tested on: Microsoft Windows 10 Pro x64 ESP

# Description:
# Lavasoft 2.3.4.7 installs LavasoftTcpService as a service with an unquoted service path

C:\Users\Luis ML>sc qc LavasoftTcpService
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: LavasoftTcpService
TIPO : 10 WIN32_OWN_PROCESS
TIPO_INICIO : 2 AUTO_START
CONTROL_ERROR : 1 NORMAL
NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
GRUPO_ORDEN_CARGA :
ETIQUETA : 0
NOMBRE_MOSTRAR : LavasoftTcpService
DEPENDENCIAS : RPCSS
NOMBRE_INICIO_SERVICIO: LocalSystem