From c27f5a1741c275f00f68384192f43cab3ad93cbd Mon Sep 17 00:00:00 2001
From: Exploit-DB
Date: Wed, 17 Jul 2024 00:16:34 +0000
Subject: [PATCH] DB: 2024-07-17 2 changes to exploits/shellcodes/ghdb Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation
---
 exploits/windows/local/52061.txt | 34 ++++++++++++++++++++++++++++++++
 files_exploits.csv | 1 +
 2 files changed, 35 insertions(+)
 create mode 100644 exploits/windows/local/52061.txt
diff --git a/exploits/windows/local/52061.txt b/exploits/windows/local/52061.txt
new file mode 100644
index 0000000000..6334ad61ef
--- /dev/null
+++ b/exploits/windows/local/52061.txt
@@ -0,0 +1,34 @@
+# Exploit Title: Bonjour Service - 'mDNSResponder.exe' Unquoted Service
+Path
+# Discovery by: bios
+# Discovery Date: 2024-15-07
+# Vendor Homepage: https://developer.apple.com/bonjour/
+# Tested Version: 3,0,0,10
+# Vulnerability Type: Unquoted Service Path
+# Tested on OS: Microsoft Windows 10 Home
+
+# Step to discover Unquoted Service Path:
+
+C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto"
+|findstr /i /v "c:\windows\\" |findstr /i /v """
+Bonjour Service
+ Bonjour Service
+C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
+ Auto
+
+C:\>systeminfo
+
+Host Name: DESKTOP-HFBJOBG
+OS Name: Microsoft Windows 10 Home
+OS Version: 10.0.19045 N/A Build 19045
+
+PS C:\Program Files\Blizzard\Bonjour Service> powershell -command
+"(Get-Command .\mDNSResponder.exe).FileVersionInfo.FileVersion"
+>>
+3,0,0,10
+
+#Exploit:
+
+There is an Unquoted Service Path in Bonjour Services (mDNSResponder.exe) .
+This may allow an authorized local user to insert arbitrary code into the
+unquoted service path and escalate privileges.
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 03baae9afe..030d5cfa8a 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
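Review bot: The advisory in exploits/windows/local/52061.txt asserts privilege escalation but shows only the unquoted `C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe` path; it never shows that a non-administrative user can write to `C:\`, `C:\Program Files\` or `C:\Program Files\Blizzard\`, and without a writable parent directory the unquoted path is a hardening finding rather than a demonstrated escalation. I would add the directory ACL check to the discovery steps and a remediation line such as `# Mitigation: enclose the service's ImagePath in double quotes and keep the parent directories non-writable for standard users`. The header also needs cleanup: `# Discovery Date: 2024-15-07` is not a valid year-month-day date (presumably `2024-07-15`, given the 2024-07-16 publication date in files_exploits.csv), and the title is wrapped so that `Path` sits on its own line outside the `#` comment. The install path suggests this copy of Bonjour was bundled by a third-party installer, so the entry should state which installer was tested rather than pointing only at the vendor homepage.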
@@ -39906,6 +39906,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50761,exploits/windows/local/50761.txt,"Bluetooth Application 5.4.277 - 'BlueSoleilCS' Unquoted Service Path",2022-02-18,SamAlucard,local,windows,,2022-02-18,2022-02-18,0,,,,,,
 35714,exploits/windows/local/35714.pl,"BlueVoda Website Builder 11 - '.bvp' Local Stack Buffer Overflow",2011-05-09,KedAns-Dz,local,windows,,2011-05-09,2015-01-07,1,,,,,,https://www.securityfocus.com/bid/47753/info
 25883,exploits/windows/local/25883.txt,"BOINC Manager (Seti@home) 7.0.64 - Field Buffer Overflow (SEH)",2013-06-02,xis_one,local,windows,,2013-06-02,2013-06-02,1,OSVDB-94099,,,,,
+52061,exploits/windows/local/52061.txt,"Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation",2024-07-16,bios,local,windows,,2024-07-16,2024-07-16,0,,,,,,
 49851,exploits/windows/local/49851.txt,"BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path",2021-05-10,"Erick Galindo",local,windows,,2021-05-10,2021-05-10,0,,,,,http://www.exploit-db.combootpt_demo_x64.exe,
 48078,exploits/windows/local/48078.txt,"BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path",2020-02-17,boku,local,windows,,2020-02-17,2020-02-17,0,,,,,http://www.exploit-db.combootpt_demo_IA32.exe,
 49089,exploits/windows/local/49089.py,"Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH)",2020-11-23,"Luis Martínez",local,windows,,2020-11-23,2020-11-23,1,,,,,,