LogonExpert Unquoted Service Path Vulnerability in LogonExpert 8.1

Vulnerability

A vulnerability exists in LogonExpert version 8.1, specifically within the LogonExpertSvc service, which runs with LocalSystem privileges. This vulnerability is characterized by an unquoted service path, allowing attackers to exploit it by placing malicious executables in intermediate directories. Such actions could lead to elevated system access when the service starts up.

Impact

Exploitation of this vulnerability could allow for unauthorized execution of malicious payloads with elevated privileges, potentially leading to a full system compromise.

Reproduction

The vulnerability can be reproduced by installing LogonExpert 8.1 and then placing a malicious executable in a directory that the unquoted service path would access during startup. This can be verified by checking the service configuration with the 'sc qc LogonExpertSvc' command, which will show the unquoted path that can be exploited.
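A defender-side check for the condition described above, as an added example (not code from the advisory or the vendor): it parses `sc qc` output, flags an unquoted image path that contains spaces, and returns the quoted form to set instead. The sample output, the service name `ExampleSvc` and the path are constructed placeholders, since the page does not give the real install path.

```python
import re

# Constructed `sc qc` output. Service name and path are placeholders, not
# LogonExpert's real values (the page does not give the install path).
SAMPLE_UNQUOTED = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: ExampleSvc
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files\Example Vendor\Example App\svc.exe -run
        SERVICE_START_NAME : LocalSystem
"""
SAMPLE_QUOTED = SAMPLE_UNQUOTED.replace(
    r"C:\Program Files\Example Vendor\Example App\svc.exe",
    r'"C:\Program Files\Example Vendor\Example App\svc.exe"',
)

FIELD = re.compile(r"^[ \t]*([A-Z_]+)[ \t]*:[ \t]*(.*)$", re.MULTILINE)
# Image path = everything up to the first ".exe" followed by a space or end.
IMAGE = re.compile(r"^(.*?\.exe)(?=\s|$)(.*)$", re.IGNORECASE)


def audit(sc_qc_output):
    """Return service name, account, and whether the path needs quoting."""
    fields = {k: v.strip() for k, v in FIELD.findall(sc_qc_output)}
    raw = fields.get("BINARY_PATH_NAME", "")
    result = {
        "service": fields.get("SERVICE_NAME"),
        "account": fields.get("SERVICE_START_NAME"),
        "unquoted_with_spaces": False,
        "quoted_fix": None,
    }
    if raw.startswith('"'):          # already quoted: not affected
        return result
    m = IMAGE.match(raw)
    image, args = (m.group(1), m.group(2)) if m else (raw, "")
    if " " in image:                 # spaces in the image path, no quotes
        result["unquoted_with_spaces"] = True
        result["quoted_fix"] = f'"{image}"{args}'
    return result


if __name__ == "__main__":
    for sample in (SAMPLE_UNQUOTED, SAMPLE_QUOTED):
        print(audit(sample))
```
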

Added: Jan 23, 2026, 5:53 PM
Updated: Jan 23, 2026, 5:53 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 4.2
remediation: 0.0
relevance: 2.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.