# Exploit Title: HotKey Clipboard - Privilege Escalation Unquoted Service Path
# Date: 2023/01/17
# Exploit Author : Wim Jaap van Vliet
# Vendor Homepage:
# Software Link:
# Version:
# Tested on: Windows 11 Pro 10.0.22000

# Exploit
The Hotkey Clipboard Service 'HKClipSvc', installed as part of Control Center3.0 v3.97 (and earlier versions) by Clevo has a unquoted service path.
This software package is usually installed on Clevo laptops (or other brands using Clevo barebones) as a driver.
This could potentially allow an authorized but non-privileged local user to execute arbitrary code with system privileges on the system.

# Information

C:\>sc qc "HKClipSvc"
[SC] QueryServiceConfig SUCCESS

        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\ControlCenter\Driver\x64\HKClipSvc.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : HotKey Clipboard Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem