Unquoted Service Path Privilege Escalation - dr.fone toolkit for ios <= 8.6.2
Vendor : Wondershare Group Software name : Dr.Fone Toolkit for ios Software Link : https://drfone.wondershare.com/?_ga=2.105848963.1280901965.1554639605-1170988400.1554290722 Dr.Fone Toolkit for ios through 8.6.2 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application. Vulnerable Services C:\Users\vulns>sc qc "WsAppService" [SC] QueryServiceConfig SUCCESS SERVICE_NAME: WsAppService TYPE : 10 WIN32_OWN_PROCESS START_TYPE ...