Lucene search

K
zdtAntonio Cuomo1337DAY-ID-37635
HistoryApr 19, 2022 - 12:00 a.m.

Microsoft Exchange Mailbox Assistants 15.0.847.40 - Unquoted Service Path Vulnerability

2022-04-1900:00:00
Antonio Cuomo
0day.today
301
microsoft exchange
mailbox assistants
unquoted service path
vulnerability
microsoft
version 15.0.847.40
service start name
# Exploit Title: Microsoft Exchange Mailbox Assistants  15.0.847.40 - 'Service MSExchangeMailboxAssistants' Unquoted Service Path
# Exploit Author: Antonio Cuomo (arkantolo)
# Vendor : Microsoft
# Version : 15.0.847.40
# Tested on OS: Microsoft Exchange Server 2013 SP1

#PoC :
==============

C:\>sc qc MSExchangeMailboxAssistants
[SC] QueryServiceConfig OPERAZIONI RIUSCITE

NOME_SERVIZIO: MSExchangeMailboxAssistants
        TIPO                      : 10  WIN32_OWN_PROCESS
        TIPO_AVVIO                : 2   AUTO_START
        CONTROLLO_ERRORE          : 1   NORMAL
        NOME_PERCORSO_BINARIO     : C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeMailboxAssistants.exe
        GRUPPO_ORDINE_CARICAMENTO : 
        TAG                       : 0
        NOME_VISUALIZZATO         : Microsoft Exchange Mailbox Assistants
        DIPENDENZE                :
        SERVICE_START_NAME : LocalSystem