Home Tools Exploits & CVE's Epson USB Display 1.6.0.0 Unquoted Service Path

Epson USB Display 1.6.0.0 Unquoted Service Path

February 9, 2021

719

Epson USB Display version 1.6.0.0 suffers from an unquoted service path vulnerability.

# Exploit Title: Epson USB Display 1.6.0.0 - 'EMP_UDSA' Unquote Service Path
# Discovery by: Hector Gerbacio
# Discovery Date: 2021-02-05
# Vendor Homepage: https://epson.com.mx/
# Tested Version: 1.6.0.0
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 8.1 con Bing

# Step to discover Unquoted Service Path:

C:>wmic service get name, displayname, pathname, startmode | findstr /i "auto" | findstr /i /v "C:WINDOWS" | findstr /i "EMP_UDSA" | findstr /i /v """
EMP_UDSA    EMP_UDSA    C:Program Files (x86)EPSON ProjectorEpson USB Display V1.6EMP_UDSA.exe      Auto

# Service info:

C:>sc qc EMP_UDSA
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: EMP_UDSA
        TIPO               : 110  WIN32_OWN_PROCESS (interactive)
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:Program Files (x86)EPSON ProjectorEpson USB Display V1.6EMP_UDSA.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : EMP_UDSA
        DEPENDENCIAS       : RPCSS
        NOMBRE_INICIO_SERVICIO: LocalSystem

Epson USB Display 1.6.0.0 Unquoted Service Path

Follow us on Instagram @thecyberpost

EDITOR PICKS

BMC Compuware iStrobe Web 20.13 Shell Upload

WordPress WP Video Playlist 1.1.1 Cross Site Scripting

GLPI 10.x.x Remote Command Execution

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

NodeBB Emoji 3.2.1 Arbitrary FIle Write

Free And Open Source Inventory Management System 1.0 SQL Injection

Voltage SecureMail Server Business Logic Bypass