Sanyo Denki Sanups Software Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in SANUPS SOFTWARE provided by SANYO DENKI CO., LTD., where Windows services are registered with unquoted file paths. This issue affects SANUPS SOFTWARE STANDALONE versions 1.0.1 to 1.1.4, as well as SANUPS SOFTWARE versions 2.0.0 to 2.0.2 and 1.0.0 to 1.1.4. A user with write permission on the root directory of the system drive could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. The vulnerability arises because, when a service's executable path contains spaces and is not enclosed in quotes, Windows may resolve the path at a space boundary and start a different executable than the intended one, running it as the service.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of code with SYSTEM privileges, allowing for significant control over the affected system.

Reproduction

To reproduce this vulnerability, install an affected version of SANUPS SOFTWARE on a system where the installation path contains spaces. Once the software is installed, place a malicious executable in the path where the service executable is located. The service will execute the malicious program with elevated privileges.

Remediation

Users are advised to update SANUPS SOFTWARE STANDALONE to version 1.1.5 or SANUPS SOFTWARE to version 2.0.3. For SANUPS SOFTWARE versions 1.0.0 to 1.1.4, upgrade to version 3.0.1. Instructions for downloading the updated versions are available on the SANYO DENKI website.
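To confirm that no service on a host is still registered with an unquoted path containing spaces, each service's ImagePath value can be audited. The Python code below is an added example, not code from SANYO DENKI or from this advisory; the service names and paths in SAMPLE_SERVICES are constructed, and on a real host the values would be read from the service entries in the registry.

```python
import re

# Constructed sample data (not from the advisory): service name -> ImagePath
# as stored under HKLM\SYSTEM\CurrentControlSet\Services\<name>.
SAMPLE_SERVICES = {
    "ExampleUpsService": r"C:\Program Files\Example Vendor\UPS Agent\agent.exe -service",
    "QuotedService": r'"C:\Program Files\Example Vendor\UPS Agent\agent.exe" -service',
    "NoSpaceService": r"C:\Tools\agent.exe /run",
    "SystemRootService": r"%SystemRoot%\System32\svchost.exe -k netsvcs",
}

# Executable portion of an unquoted command line: everything up to the first
# ".exe" that is followed by whitespace or end of string.
# Limitation: paths that do not end in .exe are treated as a whole.
EXE_RE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def ambiguous_locations(image_path):
    """Return the alternative paths Windows may resolve before the intended
    executable, or [] if the ImagePath is quoted or contains no spaces."""
    path = image_path.strip()
    if path.startswith('"'):
        return []  # quoted: the executable name is unambiguous
    match = EXE_RE.match(path)
    exe = match.group(1) if match else path
    # Each space inside the executable path is a point where the path can be
    # cut short and ".exe" appended during resolution.
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def find_unquoted(services):
    """Map each affected service name to the locations an administrator
    should check for unexpected files and overly broad write permissions."""
    findings = {}
    for name, image_path in services.items():
        locations = ambiguous_locations(image_path)
        if locations:
            findings[name] = locations
    return findings


if __name__ == "__main__":
    for name, locations in find_unquoted(SAMPLE_SERVICES).items():
        print(f"[!] {name}: ImagePath is unquoted and contains spaces")
        for loc in locations:
            print(f"    review file presence and directory ACL: {loc}")
```

Any service this reports should have its ImagePath enclosed in quotes, which is what the fixed installer versions are expected to do, and the listed locations reviewed for files that do not belong there.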

Added: Mar 25, 2026, 6:20 AM
Updated: Mar 25, 2026, 6:20 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 3.2
remediation: 0.0
relevance: 4.7
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.