Unquoted service path local privilege escalation CVE 2017-6005



Waves MaxxAudit when installed adds a windows service with the name "WavesSysSvc". This service has a vulnerability known as Unquoted Service Path.
This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.


Version tested on:

Comments

Popular posts from this blog

MY OSCP REVIEW

Minishare 1.4.1 Bufferoverflow

Port forwarding and pivoting