ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path

2020-02-06
ID: 102572
CVE: None
Download vulnerable application: None
#Exploit Title: 
#Exploit Author : ZwX
#Exploit Date: 2020-02-05
#Vendor : ELAN Microelectronics
#Vendor Homepage : http://www.emc.com.tw/
#Tested on OS: Windows 10 v1803


#Analyze PoC :
==============


C:\Users\ZwX>sc qc ETDService
[SC] QueryServiceConfig réussite(s)

SERVICE_NAME: ETDService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\Elantech\ETDService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Elan Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
1-4-2 (www01)