Cain and Abel version 4.9.56 suffers from an unquoted service path vulnerability.
# Exploit Title: Cain & Abel 4.9.56 - Unquoted Service Path
# Exploit Author: Aryan Chehreghani
# Date: 2022-02-08
# Software Link: https://www.malavida.com/en/soft/cain-and-abel
# Version: 4.9.56
# Tested on: Windows 10 x64
# PoC
SERVICE_NAME: Abel
TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:Program Files (x86)CainAbel64.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Abel
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
