| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| Exploit for Unquoted Search Path or Element in Wondershare Filmora | 24 Apr 202316:36 | – | githubexploit | |
| Filmora 12 Build 1.0.0.7 Unquoted Service Path Vulnerability | 19 May 202300:00 | – | zdt | |
| Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation Vulnerability | 26 May 202300:00 | – | zdt | |
| CVE-2023-31747 | 23 May 202323:15 | – | attackerkb | |
| CVE-2023-31747 | 15 Jan 202411:02 | – | circl | |
| Filmora 代码问题漏洞 | 20 May 202300:00 | – | cnnvd | |
| CVE-2023-31747 | 23 May 202300:00 | – | cve | |
| CVE-2023-31747 | 23 May 202300:00 | – | cvelist | |
| Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation | 25 May 202300:00 | – | exploitdb | |
| EUVD-2023-36038 | 3 Oct 202520:07 | – | euvd |
`Vendor Name: Filmora
Product Name: Filmora 12 version ( Build 1.0.0.7 )
Vendor Home Page: https://filmora.wondershare.com/
Affected Version(s): Filmora 12 version (Build 12.2.1.2088)
Vulnerability Type: Unquoted Service Path Vulnerability (CWE-428)
CVE Reference: CVE-2023-31747
Security Researcher: Thurein Soe
Vulnerability description:
Filmora is professional video editing software. Wondershare NativePush
Build 1.0.0.7 was part of Filmora 12 (Build 12.2.1.2088) Wondershare
NativePush Build 1.0.0.7 was installed while Filmora 12 was installed. The
service name "NativePushService" was vulnerable to unquoted service paths
vulnerability which led to full local privilege escalation in the affected
system as the service "NativePushService" was running as a system
privilege. Effectively, the local user is able to elevate to local admin.
C:\>sc qc NativePushService
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: NativePushService
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME :
C:\Users\HninKayThayar\AppData\Local\Wondershare\Wondershare
NativePush\WsNativePushService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Wondershare Native Push Service
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
C:\>cacls "C:\Users\HninKayThayar\AppData\Local\Wondershare\Wondershare
NativePush\WsNativePushService.exe"
C:\Users\HninKayThayar\AppData\Local\Wondershare\Wondershare
NativePush\WsNativePushService.exe
BUILTIN\Users:(ID)F
NT AUTHORITY\SYSTEM:(ID)F
BUILTIN\Administrators:(ID)F
HNINKAYTHAYAR\HninKayThayar:(ID)F
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation