what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

EPSON EasyMP Network Projection 2.81 Unquoted Service Path

EPSON EasyMP Network Projection 2.81 Unquoted Service Path
Posted Feb 14, 2020
Authored by Roberto Pina

EPSON EasyMP Network Projection version 2.81 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 88c4c8e60a99cb86cb49c2933c34129d57b2526f6c6c23038743dcaf9a2538b2

EPSON EasyMP Network Projection 2.81 Unquoted Service Path

Change Mirror Download
# Exploit Title: EPSON EasyMP Network Projection 2.81 - 'EMP_NSWLSV' Unquoted Service Path
# Discovery by: Roberto PiƱa
# Discovery Date: 2020-02-13
# Vendor Homepage: https://epson.com/support/easymp-network-projection-v2-86-for-windows
# Software Link :https://ftp.epson.com/drivers/epson16189.exe
# SEIKO EPSON CORP
# Tested Version: 2.81
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10 Home x64 en

# Step to discover Unquoted Service Path:


C:\>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr /i "EPSON" | findstr /i /v """
EMP_NSWLSV EMP_NSWLSV C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\EMP_NSWLSV.exe Auto

C:\>sc qc "EMP_NSWLSV"
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: EMP_NSWLSV
TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\EMP_NSWLSV.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : EMP_NSWLSV
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

#Exploit:
# A successful attempt would require the local user to be able to insert their code in the system root path
# undetected by the OS or other security applications where it could potentially be executed during
# application startup or reboot. If successful, the local user's code would execute with the elevated
# privileges of the application.
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close