Mobiletrans4.0.11 weak service privilege escalation Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-05-23 |
Type : local |
Platform : windows
This exploit / vulnerability Mobiletrans4.0.11 weak service privilege escalation is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title :MobileTrans 4.0.11 - Weak Service Privilege Escalation
# Date: 20 May 2023
# Exploit Author: Thurein Soe
# Vendor Homepage: https://mobiletrans.wondershare.com/
# Software Link:
https://mega.nz/file/0Et0ybRS#l69LRlvwrwmqDfPGKl_HaJ5LmbeKJu_wH0xYKD8nSVg
# Version: MobileTrans version 4.0.11
# Tested on: Window 10 (Version 10.0.19045.2965)
# CVE : CVE-2023-31748
Vulnerability Description:
MobileTrans is World 1 mobile-to-mobile file transfer
application.MobileTrans version 4.0.11 was being suffered a weak service
permission vulnerability that allows a normal window user to elevate to
local admin. The "ElevationService" service name was installed, while the
MobileTrans version 4.0.11 was installed in the window operating system.
The service "ElevationService" allows the local user to elevate to the
local admin as The "ElevationService" run with system privileges.
Effectively, the local user is able to elevate to local admin upon
successfully modifying the service or replacing the affected executable.