CVE-2020-36935

KMSpico 17.1.0.0 contains an unquoted service path vulnerability in the KMSELDI service configuration (C:\Program Files\KMSpico\Service_KMS.exe) that allows local attackers with access to potentially execute arbitrary code and escalate privileges by injecting a malicious executable. The available...

KMSpico (Service KMSELDI) 17.1.0.0 - Unquoted Service Path Vulnerability

Exploit Title: KMSpico 17.1.0.0 - 'Service KMSELDI' Unquoted Service Path Exploit Author : SamAlucard Vendor : KMSpico Version : ServiceKMS 17.1.0.0 Vendor Homepage : https://official-kmspico.com/ Tested on OS: Windows 7 Pro Analyze PoC : ============== C:\sc qc "Service KMSELDI" SC...