MobileTrans 4.0.11 Weak Service Permissions

`Vendor Name: MobileTrans  
Product Name: MobileTrans  
Vendor Home Page: https://mobiletrans.wondershare.com/  
Affected Version(s): MobileTrans version 4.0.11  
Vulnerability Type: Weak Service Permissions (CWE-276)  
CVE Reference: CVE-2023-31748  
Security Researcher: Thurein Soe  
  
Vulnerability description:  
MobileTrans is World 1 mobile-to-mobile file transfer  
application.MobileTrans version 4.0.11 was being suffered a weak service  
permission vulnerability that allows a normal window user to elevate to  
local admin. The "ElevationService" service name was installed, while the  
MobileTrans version 4.0.11 was installed in the window option system. The  
service "ElevationService" allows the local user to elevate to the local  
admin. Effectively, the local user is able to elevate to local admin.  
  
C:\Users\HninKayThayar\Desktop>sc qc ElevationService  
[SC] QueryServiceConfig SUCCESS  
  
SERVICE_NAME: ElevationService  
TYPE : 10 WIN32_OWN_PROCESS  
START_TYPE : 2 AUTO_START  
ERROR_CONTROL : 1 NORMAL  
BINARY_PATH_NAME : C:\Program Files  
(x86)\Wondershare\MobileTrans\ElevationService.exe  
LOAD_ORDER_GROUP :  
TAG : 0  
DISPLAY_NAME : Wondershare Driver Install Service help  
DEPENDENCIES :  
SERVICE_START_NAME : LocalSystem  
  
C:\Users\HninKayThayar\Desktop>cacls "C:\Program Files  
(x86)\Wondershare\MobileTrans\ElevationService.exe"  
C:\Program Files (x86)\Wondershare\MobileTrans\ElevationService.exe  
Everyone:(ID)F  
NT  
AUTHORITY\SYSTEM:(ID)F  
  
BUILTIN\Administrators:(ID)F  
  
BUILTIN\Users:(ID)R  
  
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(ID)R  
  
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(ID)R  
`