Cain & Abel 4.9.56 - Unquoted Service Path

EDB-ID:

50728

CVE:

N/A




Platform:

Windows

Date:

2022-02-10


# Exploit Title: Cain & Abel 4.9.56 - Unquoted Service Path
# Exploit Author: Aryan Chehreghani
# Date: 2022-02-08
# Software Link: https://www.malavida.com/en/soft/cain-and-abel
# Version: 4.9.56
# Tested on: Windows 10 x64

# PoC

SERVICE_NAME: Abel
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\Cain\Abel64.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Abel
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem