NETGATE Registry Cleaner Unquoted Service Path Privilege Escalation Vulnerability

A privilege escalation vulnerability has been identified in NETGATE Registry Cleaner version 16.0.205. The issue arises from an unquoted service path in the NGRegClnSrv service, allowing local attackers to exploit the service binary path. By placing a malicious executable in the unquoted path and triggering a service restart or system reboot, attackers can execute code with LocalSystem privileges.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, with executed code running under the LocalSystem account, which has extensive rights on the system.

Reproduction

The vulnerability can be reproduced by placing a malicious executable in the unquoted service path of the NGRegClnSrv service. After the executable is placed, either the service can be restarted or the system can be rebooted, which will execute the malicious code with elevated privileges.