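# Vulnerability Description:
# When the Eagle Speed software is installed, a service named ZDServ is installed with it.
# The service object itself has correct permissions, which do not allow a low-privileged user
# to reconfigure the binary path, but the binary at that path is writable by any authenticated
# user (the ACL below grants Everyone inherited full control).
# Because the service starts automatically and runs as LocalSystem, anyone who can write to
# this file controls code that runs with SYSTEM privileges.
#
# C:\Users\lowpriv>sc qc zdserv
# [SC] QueryServiceConfig SUCCESS
#
# SERVICE_NAME: zdserv
#         TYPE               : 110  WIN32_OWN_PROCESS (interactive)
#         START_TYPE         : 2   AUTO_START
#         ERROR_CONTROL      : 1   NORMAL
#         BINARY_PATH_NAME   : "C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe"
#         LOAD_ORDER_GROUP   :
#         TAG                : 0
#         DISPLAY_NAME       : ZDServ
#         DEPENDENCIES       :
#         SERVICE_START_NAME : LocalSystem
#
# C:\Users\lowpriv>icacls "C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe"
# C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe Everyone:(I)(F)
#
# Mitigation: the (I) flag indicates the entry is inherited, so the parent directory ACL
# should be checked as well; service binaries and their directories should be writable only
# by SYSTEM and Administrators.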