Realtek 11n Wireless LAN utility privilege escalation.
 
Vulnerability Discovered by Humberto Cabrera @dniz0r
http://zeroscience.mk @zeroscience
 
Summary:
    ⁃   Realtek 11n Wireless LAN utility is deployed and used by realtek
alfa cards and more in order to help diagnose and view wireless card
properties.
 
Description:
  - Unquoted Privilege escalation that allows a user to gain SYSTEM
privileges.
 
Date - 12 Feb 2015
Version: 700.1631.106.2011
Vendor: www.realtek.com.tw
Advisory URL:
https://eaty0face.wordpress.com/2015/02/13/realtek-11n-wireless-lan-utility-privilege-escalation/
Tested on: Win7
 
[SC] QueryServiceConfig SUCCESS
 
SERVICE_NAME: realtek11ncu
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\REALTEK\11n USB Wireless LAN
Utility\RtlService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Realtek11nCU
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
 
C:\Windows\system32>sc qc realtek11nsu
[SC] QueryServiceConfig SUCCESS
 
SERVICE_NAME: realtek11nsu
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\REALTEK\Wireless LAN
Utility\RtlService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Realtek11nSU
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem