## https://sploitus.com/exploit?id=PACKETSTORM:159783
# Exploit Title: Cobian Backup Service < 11 - Unquoted Service Path  
# Discovery by: yunaranyancat  
# Discovery Date: October 2020  
# Vendor Homepage: https://www.cobiansoft.com/  
# Software Link : https://files.cobiansoft.com/programs/cbSetup.exe  
# Tested Version: 11  
# Vulnerability Type: Unquoted Service Path  
# Tested on OS: Windows 10   
  
# Info  
  
Cobian Backup service version 11 and earlier suffers from an unquoted service path vulnerability.  
  
# Vulnerability discovery:  
  
Registry value : HKLM\SYSTEM\ControlSet001\Services\CobianBackup11  
  
# Service info:  
  
C:\>sc qc CobianBackup11  
[SC] QueryServiceConfig SUCCESS  
  
SERVICE_NAME: CobianBackup11  
TYPE : 10 WIN32_OWN_PROCESS  
START_TYPE : 2 AUTO_START  
ERROR_CONTROL : 1 Normal  
BINARY_PATH_NAME : C:\Program Files (x86)\Cobian Backup 11\cbService.exe  
LOAD_ORDER_GROUP :  
TAG : 0  
DISPLAY_NAME : Cobian Backup 11 Gravity  
DEPENDENCIES :  
SERVICE_START_NAME : LocalSystem  
  
# Exploit:  
  
This vulnerability could permit code execution with escalated privileges during startup or reboot.
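
An audit check for the condition reported above, as an added example that is not part of the original advisory: it parses `sc qc` output, flags services whose BINARY_PATH_NAME is unquoted and contains a space in the executable path, and prints the quoted replacement. The services ExampleQuoted and ExampleNoSpace are constructed for contrast, and the parser assumes `.exe` service binaries.

```python
import re

# Constructed input: the CobianBackup11 fields from the `sc qc` output on this
# page, plus two made-up services (ExampleQuoted, ExampleNoSpace) for contrast.
SAMPLE = r"""
SERVICE_NAME: CobianBackup11
BINARY_PATH_NAME : C:\Program Files (x86)\Cobian Backup 11\cbService.exe
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: ExampleQuoted
BINARY_PATH_NAME : "C:\Program Files\Example\svc.exe" -run
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: ExampleNoSpace
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k netsvcs
SERVICE_START_NAME : LocalSystem
"""

# Executable part of an unquoted command line: everything up to the first
# ".exe" that is followed by whitespace or end of string; the rest is arguments.
EXE_RE = re.compile(r"^(.*?\.exe)(?=\s|$)(.*)$", re.IGNORECASE)

def parse_sc_qc(text):
    """Map service name -> {field: value} from concatenated `sc qc` output."""
    services, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon ends the field name
        key, value = key.strip(), value.strip()
        if sep and key == "SERVICE_NAME":
            current = services.setdefault(value, {})
        elif sep and current is not None:
            current[key] = value
    return services

def audit(text):
    """List (service, account, quoted path) for unquoted paths with spaces."""
    findings = []
    for name, cfg in parse_sc_qc(text).items():
        path = cfg.get("BINARY_PATH_NAME", "")
        if not path or path.startswith('"'):
            continue  # field missing, or path already quoted
        m = EXE_RE.match(path)
        exe, args = (m.group(1), m.group(2)) if m else (path, "")
        if " " in exe:  # spaces in arguments alone are not a finding
            findings.append((name, cfg.get("SERVICE_START_NAME", ""), f'"{exe}"{args}'))
    return findings

if __name__ == "__main__":
    for name, account, fixed in audit(SAMPLE):
        print(f"{name} ({account}): set ImagePath to {fixed}")
```
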