Bluetooth Application 5.4.277 - 'BlueSoleilCS' Unquoted Service Path

EDB-ID:

50761

CVE:

N/A


Author:

SamAlucard

Type:

local


Platform:

Windows

Date:

2022-02-18


#Exploit Title: Bluetooth Application 5.4.277 - 'BlueSoleilCS' Unquoted Service Path
#Exploit Date: 2022-02-17
#Vendor :  IVT Corp
#Version : BlueSoleilCS 5.4.277
#Vendor Homepage : www.ivtcorporation.com
#Tested on OS: Windows 7 Pro

#This software installs EDTService.exe version 11.10.2.1

#Analyze PoC :
==============
C:\>sc qc BlueSoleilCS
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: BlueSoleilCS
        TIPO               : 120  WIN32_SHARE_PROCESS (interactive)
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files\IVT
Corporation\BlueSoleil\BlueSoleilCS.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : BlueSoleilCS
        DEPENDENCIAS       : RPCSS
        NOMBRE_INICIO_SERVICIO: LocalSystem