DiskBoss Service Unquoted Service Path Vulnerability Allowing Elevated Privileges

A vulnerability exists in DiskBoss Service version 12.2.18 due to an unquoted service path in the binary path configuration. This flaw allows local attackers to execute code with elevated privileges. Exploitation involves placing malicious executables in locations that the unquoted path may reference, enabling attackers to gain system-level access when the service starts up.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution with elevated privileges, allowing a user to execute malicious payloads with system-level rights.

Reproduction

The vulnerability can be reproduced by installing DiskBoss Service version 12.2.18. After installation, the unquoted service path can be verified using the Windows Management Instrumentation Command-line (WMIC) tool. The service name 'DiskBoss Service' can be queried to reveal the unquoted binary path. Once the unquoted path is identified, malicious executables can be placed in a location that the service will reference, such as the Program Files directory. When the service is started, the malicious executables will be executed with elevated privileges.