Advertisement






Rumble Mail Server 0.51.3135 Unquoted Service Path

CVE Category Price Severity
CVE-2021-XXXX CWE-428 $500 High
Author Risk Exploitation Type Date
Unknown High Local 2020-12-08
CVSS EPSS EPSSP
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020120047

Below is a copy:

Rumble Mail Server 0.51.3135 Unquoted Service Path
# Exploit Title: Rumble Mail Server 0.51.3135 - 'rumble_win32.exe' Unquoted Service Path
# Date: 2020-9-3
# Exploit Author: Mohammed Alshehri
# Vendor Homepage: http://rumble.sf.net/
# Software Link:  https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble_0.51.3135-setup.exe
# Version: Version 0.51.3135
# Tested on: Microsoft Windows 10 Education - 10.0.17763 N/A Build 17763


# Service info:

C:\Users\m507>sc qc "RumbleService"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: RumbleService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\Rumble\rumble_win32.exe --service
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Rumble Mail Server
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

C:\Users\m507>


# Exploit:
This vulnerability could permit executing code during startup or reboot with the escalated privileges.

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum