MTSoftware C-Lodop Unquoted Search Path Vulnerability in CLodopPrintService

A critical unquoted service path vulnerability has been identified in MTSoftware C-Lodop version 6.6.1.1 on Windows. This vulnerability resides in the CLodopPrintService component, where the absence of quotation marks in the service's binary path allows for manipulation. As a result, a local attacker could potentially escalate privileges, since the service runs with system rights. The vulnerability arises because the Windows operating system executes the first instance of a space-separated service path it encounters, which could be exploited if the attacker has write access to the C Drive or another installed drive.

Impact

Exploitation of this vulnerability could lead to local privilege escalation, allowing an attacker to gain elevated rights on the system.

Reproduction

To reproduce this vulnerability, first check for the existence of an unquoted service path in the CLodopPrintService. Then, create a Program.exe file in the C Drive directory. After that, restart the CLodopPrintService or reboot the Windows system. The Program.exe will execute a command to retrieve system information and write it to a text file, demonstrating that it was executed with system privileges.

Remediation

Users are advised to upgrade to C-Lodop version 6.6.13 or later.