Unquoted service path vulnerability in WCAssistantService Lavasoft


Vulnerability: Unquoted service path vulnerability in WCAssistantService Lavasoft

Severity: High

Impact: Any user that has Lavasoft webcompanion installed in their system can elevate his privilege on local system.

Description:

Web Companion blocks websites that try to steal your personal information by impersonating sites you know and trust. It keeps your passwords, payment and other personal information safe from hackers.

Unquoted service path exists for the service "WCAssistantService". This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.

How to check:
C:\>wmic service get name,displayname,pathname,startmode | findstr /i "auto" | findstr /i /v "c:\windows\\" | findstr /i /v """
WC Assistant                                                           WCAssistantService                                      C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe         Auto

Initial mail sent 2nd Nov 2017
Mail sent to webcompanion on 2nd Jan 2018 --> No response
Mail sent to webcompanion on 20th Jan 2018 --> No response
Disclosure date 23rd Jan 2018




Comments

  1. abbegailquattlebaum3 March 2022 at 07:57

    Caesars Casino, LLC - DrmCD
    Caesars 인천광역 출장샵 Casino, LLC is in the business of 안동 출장샵 providing 안성 출장샵 gambling and entertainment services to the Greater Phoenix area. Our 파주 출장안마 casino is 익산 출장샵 a Native American gaming

    ReplyDelete

Post a Comment

Popular posts from this blog

MY OSCP REVIEW

Image
MY OSCP REVIEW About me I am just a guy who has done B.E (Computer Engineering), C.E.H and I am doing vulnerability assessment for different clients in Mumbai. Inspiration to do OSCP Wanted to read technical stuff only then skip this para. Like other guyz I thought that OSCP is one of the most difficult task in the world of IT Security. And yes, it is one the difficult mission you could ever face. Back in Dec 2014 I was really bored with the conventional vulnerability assessment thing, I wanted to do some more exploitation and some black hat stuff. But in our job we were not allowed to do so, as the environment used to be critical most of the time and time for completing the task was less. So I asked few question on some group in facebook regarding How can I learn more exploitation stuff. There was a guy with the name Mr.WhiteW0rm who have given me a brilliant answer and recommended me to do OSCP. That time I thought though I won't be able to do OSCP but at least I...
Read more

Minishare 1.4.1 Bufferoverflow

Image
You can download the server from: https://www.dropbox.com/s/zhivgb79wtbce37/minishare-1.4.1.exe?dl=0 Exploit code in ruby: https://www.exploit-db.com/exploits/616/ The vulnerability is a long URL in the GET request. Eg:- GET AAAAAAAAAAAAAAAA..... HTTP/1.1 Lab Setup: 1) Windows xp ( I am using windows xp sp1) 2) Immunity debugger installed on the windows xp machine. 3) Minishare 1.4.1 installed on windows xp running on port 80. 2) Kali linux for scripting and exploiting. Configure the victim: I have installed Minishare server 1.4.1 and it is listening for connections on port 80, as depicted below. Generate Sample script to crash: We will try to smash the stack by sending a buffer of 2000 A's with the help of the following script. #!/usr/share/python import socket,sys s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) s.connect((sys.argv[1],80)) buff="GET " buff+="A"*2000 buff+=" HTTP/1.1\r\n\r\n" s.send(buff) s.close...
Read more