Exploit for EG Free AntiVirus 2020 Privilege Escalation / Unquoted Service Path CVE-2021-46439

## https://sploitus.com/exploit?id=PACKETSTORM:166554
# Exploit Title: EG Free AntiVirus v2020 - Unquoted Service Path (Local Privilege Escalation)  
# Date: 24/01/2022  
# Exploit Author: Shahrukh Iqbal Mirza (@shahrukhiqbal24)  
# Vendor Homepage: http://www.egsoftweb.in/index.aspx  
# Software Link: http://www.egsoftweb.in/OurProduct_Readmore.aspx?id=6  
# Version: 2020  
# Tested: Windows 10 (x64)  
# CVE: CVE-2021-46439  
  
-------------  
Description:  
-------------  
  
EG Free AntiVirus (v2020) installs a service (WinSEGAV AutoConfig) with  
an unquoted service path. Since this service is running as SYSTEM, it  
creates a local privilege escalation vulnerability. To properly exploit  
this vulnerability, a local attacker must insert an executable in the  
path of the service. Rebooting the system or restarting the service  
will run the malicious executable with elevated privileges.  
  
------------------  
Proof of Concept:  
------------------  
  
C:\Users\shah>sc qc “WinSEGAV AutoConfig”  
[SC] QueryServiceConfig SUCCESS  
  
SERVICE_NAME: WinSEGAV AutoConfig  
TYPE : 10 WIN32_OWN_PROCESS  
START_TYPE : 2 AUTO_START  
ERROR_CONTROL : 1 NORMAL  
BINARY_PATH_NAME : C:\Program Files\EGSoftWeb\EG Anti  
Virus\egavser.exe  
LOAD_ORDER_GROUP :  
TAG : 0  
DISPLAY_NAME : Windows Service For EG Free AntiVirus  
DEPENDENCIES :  
SERVICE_START_NAME : LocalSystem  
  
  
Best regards,  
Shahrukh Iqbal Mirza.