ForensiTAppxService 2.2.0.4 Unquoted Service Path

`# Exploit Title: ForensiTAppxService 2.2.0.4 - 'ForensiTAppxService.exe' Unquoted Service Path  
# Discovery by: Burhanettin Özgenç  
# Discovery Date: 2020-09-15  
# Vendor Homepage: https://www.forensit.com/downloads.html  
# Tested Version: 2.2.0.4  
# Vulnerability Type: Unquoted Service Path  
# Tested on OS: Windows 10 Pro x64  
  
# Step to discover Unquoted Service Path:   
  
C:\>wmic service get name, pathname, displayname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr /i "ForensiTAppxService" | findstr /i /v """  
  
ForensiT AppX Management Service ForensiTAppxService C:\Program Files (x86)\ForensiT\AppX Management Service\ForensiTAppxService.exe Auto  
  
# Service info:  
  
C:\>sc qc ForensiTAppxService  
[SC] QueryServiceConfig SUCCESS  
  
SERVICE_NAME: ForensiTAppxService  
TYPE : 10 WIN32_OWN_PROCESS  
START_TYPE : 2 AUTO_START  
ERROR_CONTROL : 1 NORMAL  
BINARY_PATH_NAME : C:\Program Files (x86)\ForensiT\AppX Management Service\ForensiTAppxService.exe  
LOAD_ORDER_GROUP :  
TAG : 0  
DISPLAY_NAME : ForensiT AppX Management Service  
DEPENDENCIES :  
SERVICE_START_NAME : LocalSystem  
  
# Exploit:  
# A successful attempt would require the local user to be able to insert their code in the system   
# root path undetected by the OS or other security applications where it could potentially be executed  
# during application startup or reboot. If successful, the local user's code would execute with   
# the elevated privileges of the application.  
`