what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Advanced Host Monitor 12.56 Unquoted Service Path

Advanced Host Monitor 12.56 Unquoted Service Path
Posted May 3, 2023
Authored by Mr Empy

Advanced Host Monitor version 12.56 suffers from an unquoted service path vulnerability.

tags | exploit
advisories | CVE-2023-2417
SHA-256 | 345729204fd62ea669a733d90946c008f6634738cd6a29af717aa4eda7454e05

Advanced Host Monitor 12.56 Unquoted Service Path

Change Mirror Download
# Exploit Title: Advanced Host Monitor v12.56 - Unquoted Service Path
# Date: 2023-04-23
# CVE: CVE-2023-2417
# Exploit Author: MrEmpy
# Vendor Homepage: https://www.ks-soft.net
# Software Link: https://www.ks-soft.net/hostmon.eng/downpage.htm
# Version: > 12.56
# Tested on: Windows 10 21H2


Title:
================
Advanced Host Monitor > 12.56 - Unquoted Service Path


Summary:
================
An unquoted service path vulnerability has been discovered in Advanced Host
Monitor version > 12.56 affecting the executable "C:\Program Files
(x86)\HostMonitor\RMA-Win\rma_active.exe" . This vulnerability occurs when
the service's path is misconfigured, allowing an attacker to run a
malicious file instead of the legitimate executable associated with the
service.

An attacker with local user privileges could exploit this vulnerability to
replace the legitimate RMA-Win\rma_active.exe service executable with a
malicious file of the same name and located in a directory that has a
higher priority than the legitimate directory. That way, when the service
starts, it will run the malicious file instead of the legitimate
executable, allowing the attacker to execute arbitrary code, gain
unauthorized access to the compromised system, or stop the service from
functioning.

To exploit this vulnerability, an attacker would need local access to the
system and the ability to write and replace files on the system. The
vulnerability can be mitigated by correcting the service path to correctly
quote the full path of the executable, including quotation marks.
Furthermore, it is recommended that users keep software updated with the
latest security updates and limit physical and network access to their
systems to prevent malicious attacks.


Proof of Concept:
================

C:\>sc qc ActiveRMAService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: ActiveRMAService
TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files
(x86)\HostMonitor\RMA-Win\rma_active.exe /service
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : KS Active Remote Monitoring Agent
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem

Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close