Home Tools Exploits & CVE's Macro Expert 4.9 Unquoted Service Path

Macro Expert 4.9 Unquoted Service Path

June 7, 2023

224

Macro Expert version 4.9 suffers from an unquoted service path vulnerability.

# Exploit Title: Macro Expert 4.9 - Unquoted Service Path
# Date: 04/06/2023
# Exploit Author: Murat DEMIRCI
# Vendor Homepage: http://www.macro-expert.com/
# Software Link: http://www.macro-expert.com/product/gm_setup_4.9.exe
# Version: 4.9
# Tested on: Windows 10

# Proof of Concept :

C:UsersMurat>sc qc "Macro Expert"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Macro Expert
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : c:program files (x86)grasssoftmacro expertMacroService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Macro Expert
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

# If a malicious payload insert into related path and service is executed in anyway, this can gain new privilege access to the system and perform malicious acts.

Macro Expert 4.9 Unquoted Service Path

Follow us on Instagram @thecyberpost

EDITOR PICKS

EU failure to rein in spyware reflects lack of political will,...

US offers $5 million for info on North Korean IT workers...

Leafpub 1.1.9 Cross Site Scripting

POPULAR POSTS

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

POPULAR CATEGORY

GravCMS 1.10.7 Arbitrary YAML Write / Update

Multix 2.4 Cross Site Scripting

X2CRM 6.6 / 6.9 Cross Site Scripting