Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

TotalAV 5.15.69 - Unquoted Service Path

 Share


Recommended Posts

# Exploit Title: TotalAV 5.15.69 - Unquoted Service Path
# Date: 22/09/2021
# Exploit Author: Andrea Intilangelo
# Vendor Homepage: https://www.totalav.com
# Software Link: https://download.totalav.com/windows/beta-trial or https://install.protected.net/windows/cdn3/5.15.69/TotalAV.exe
# Version: 5.15.69
# Tested on: Windows 10 Pro 20H2 and 21H1 x64

The PC Security Management Service, PC Security Management Monitoring Service, and Anti-Malware SDK Protected Service
services from TotalAV version 5.15.69 are affected by unquoted service path (CWE-428) vulnerability which may allow a
user to gain SYSTEM privileges since they all running with higher privileges. To exploit the vulnerability is possible
to place executable(s) following the path of the unquoted string.

Affected excecutables services: SecurityService, SecurityServiceMonitor, AMSProtectedService:

PC Security Management Service 			SecurityService 	C:\Program Files (x86)\TotalAV\SecurityService.exe 			Auto
PC Security Management Monitoring Service 	SecurityServiceMonitor	C:\Program Files (x86)\TotalAV\SecurityService.exe --monitor 		Auto
Anti-Malware SDK Protected Service		AMSProtectedService 	C:\Program Files (x86)\TotalAV\savapi\elam_ppl\amsprotectedservice.exe 	Auto

C:\Users\user>sc qc SecurityService
[SC] QueryServiceConfig OPERAZIONI RIUSCITE

NOME_SERVIZIO: SecurityService
		TIPO 			  : 10  WIN32_OWN_PROCESS
		TIPO_AVVIO 		  : 2   AUTO_START
		CONTROLLO_ERRORE 	  : 1   NORMAL
		NOME_PERCORSO_BINARIO	  : C:\Program Files(x86)\TotalAV\SecurityService.exe
		GRUPPO_ORDINE_CARICAMENTO :
		TAG 			  : 0
		NOME_VISUALIZZATO 	  : PC Security Management Service
		DIPENDENZE		  :
		SERVICE_START_NAME : LocalSystem

C:\Users\user>sc qc SecurityServiceMonitor
[SC] QueryServiceConfig OPERAZIONI RIUSCITE

NOME_SERVIZIO: SecurityServiceMonitor
		TIPO 			  : 10  WIN32_OWN_PROCESS
		TIPO_AVVIO 		  : 2   AUTO_START
		CONTROLLO_ERRORE	  : 1   NORMAL
		NOME_PERCORSO_BINARIO 	  : C:\Program Files(x86)\TotalAV\SecurityService.exe --monitor
		GRUPPO_ORDINE_CARICAMENTO :
		TAG 			  : 0
		NOME_VISUALIZZATO 	  : PC Security Management Monitoring Service
		DIPENDENZE 		  :
		SERVICE_START_NAME : LocalSystem

C:\Users\user>sc qc AMSProtectedService
[SC] QueryServiceConfig OPERAZIONI RIUSCITE

NOME_SERVIZIO: AMSProtectedService
		TIPO 			  : 10  WIN32_OWN_PROCESS
		TIPO_AVVIO 		  : 2   AUTO_START
		CONTROLLO_ERRORE	  : 1   NORMAL
		NOME_PERCORSO_BINARIO 	  : C:\Program Files (x86)\TotalAV\savapi\elam_ppl\amsprotectedservice.exe
		GRUPPO_ORDINE_CARICAMENTO :
		TAG 			  : 0
		NOME_VISUALIZZATO 	  : Anti-Malware SDK Protected Service
		DIPENDENZE 		  :
		SERVICE_START_NAME : LocalSystem
            
Link to post
Link to comment
Share on other sites

 Share

discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...