Sheed Antivirus Unquoted Service Path Privilege Escalation Vulnerability

A privilege escalation vulnerability has been identified in Sheed AntiVirus version 2.3, specifically within the ShavProt service. The issue arises from an unquoted service path, which allows local attackers to exploit the service binary path. By inserting a malicious executable into the unquoted path and triggering a service restart or system reboot, attackers can execute code with LocalSystem privileges.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling local attackers to execute code with elevated rights.

Reproduction

To reproduce this vulnerability, first verify the presence of Sheed AntiVirus version 2.3 installed on the system. Check the service configuration for ShavProt to confirm the unquoted service path. Once confirmed, insert a malicious executable into the path of the ShavProt service. After placing the executable, either restart the ShavProt service or reboot the system. The malicious code will be executed with LocalSystem privileges, demonstrating the successful exploitation of the vulnerability.