ADB Explorer UNC Path Vulnerability Leading to Remote Code Execution
Vulnerability
A remote code execution vulnerability exists in ADB Explorer versions prior to Beta 0.9.26022. The issue arises because the application allows the 'ManualAdbPath' setting to be configured with a Universal Naming Convention (UNC) path, directing the ADB binary to a remote resource on an attacker-controlled network share. This capability enables an attacker to manipulate the ADB binary executed by the application, potentially leading to unauthorized code execution on the victim's machine with the same privileges as the user running ADB Explorer.
Impact
Exploitation of this vulnerability allows for remote code execution on the victim's machine, executed with the privileges of the user running ADB Explorer.
Reproduction
To reproduce this vulnerability, create a public SMB share and host a legitimate ADB binary. Then, create a settings file named 'App.txt' that includes a UNC path pointing to the ADB binary on the SMB share. Run ADB Explorer from the command line, providing the path to 'App.txt' as an argument. Once the application is running, replace the ADB binary on the SMB share with an arbitrary executable, such as 'calc.exe', and observe that the new binary is executed on the machine where ADB Explorer is running.
Remediation
Users should update to ADB Explorer Beta 0.9.26022 or later, where this vulnerability has been fixed.
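A sketch of the kind of check that rejects a UNC value for 'ManualAdbPath' before any binary is launched. This is an added example, not ADB Explorer's code or its actual fix; the function names are hypothetical and the sample paths are constructed.

```python
import ntpath  # Windows path rules, usable on any host OS

# Device-namespace prefixes that wrap a UNC target: \\?\UNC\server\share\...
_UNC_DEVICE_PREFIXES = ("\\\\?\\UNC\\", "\\\\.\\UNC\\")


def classify_adb_path(value: str) -> str:
    """Classify a configured ADB path as 'remote', 'local' or 'other'."""
    # Windows accepts '/' as a separator, so //server/share is UNC as well.
    path = value.strip().strip('"').replace("/", "\\")

    if path.upper().startswith(_UNC_DEVICE_PREFIXES):
        return "remote"                      # \\?\UNC\server\share\adb.exe
    if path.startswith(("\\\\?\\", "\\\\.\\")):
        path = path[4:]                      # \\?\C:\... : judge the wrapped path
    elif path.startswith("\\\\"):
        return "remote"                      # \\server\share\adb.exe

    drive, rest = ntpath.splitdrive(path)
    if len(drive) == 2 and drive[1] == ":" and rest.startswith("\\"):
        return "local"                       # fully qualified drive-letter path
    return "other"                           # relative or drive-relative: ambiguous


def is_allowed_adb_path(value: str) -> bool:
    """Accept only fully qualified drive-letter paths.

    Assumption: a drive letter mapped to a network share still passes this
    string check; catching that needs a drive-type query on the Windows host.
    """
    return classify_adb_path(value) == "local"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real settings file.
    for sample in (r"C:\platform-tools\adb.exe",
                   r"\\fileserver\tools\adb.exe",
                   "//fileserver/tools/adb.exe",
                   r"\\?\UNC\fileserver\tools\adb.exe",
                   "adb.exe"):
        print(f"{sample!r:45} -> {classify_adb_path(sample)}")
```

The same classification can be run over existing settings files to find installations that already point at a network share.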
