Upon service restart or system reboot, the malicious code will be run with elevated privileges. The WsAppService.exe process is also known as Wondershare AppService or, as the case may be, Wondershare Passport and is a part of Wondershare App Framework or, as the case may be. ![]() The local attacker must have privileges to write to program. C:>sc qc WsAppService SC QueryServiceConfig. Upon service restart or system reboot, the malicious code will be run with elevated privileges. ![]() ![]() BINARY_PATH_NAME : C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exeĭISPLAY_NAME : Wondershare Application Framework ServiceīINARY_PATH_NAME : C:\Program Files (x86)\Wondershare\Wondershare dr.fone toolkit for iOS\Library\DriverInstaller\DriverInstall.exeĭISPLAY_NAME : Wondershare Driver Install ServiceĪ successful attempt would require the local attacker must insert an executable file in the path of the service. Dr.Fone Toolkit for ios through 8.6.2 has an unquoted service path, which allows a Security Feature Bypass of its documented 'Block applications' design goal. Wondershare PDFelement installs a service with an unquoted service path To properly exploit this vulnerability, the local attacker must insert an executable file in the path of the service.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |