Executive Summary

This vulnerability is an unquoted service path issue in Dynojet Power Core 2.3.0's DJ.UpdateService. Because the service path contains spaces and is not enclosed in quotes, a local authenticated user can place a malicious executable in a location that the system mistakenly executes with elevated privileges when the service starts or restarts. This allows the attacker to execute arbitrary code with LocalSystem privileges. [2]

Useful 0 Not Useful 0

Impact Analysis

If exploited, this vulnerability allows a local authenticated user to escalate their privileges to LocalSystem level, effectively gaining full control over the affected system. This can lead to unauthorized code execution, system compromise, and potentially complete takeover of the machine. [2]

Useful 0 Not Useful 0

Detection Guidance

You can detect this vulnerability by checking for unquoted service paths on your system, specifically for the service named "DJ.UpdateService". On a Windows system, you can use the command: sc qc "DJ.UpdateService" to view the service path. If the path contains spaces and is not enclosed in quotes, it is vulnerable. Additionally, you can use PowerShell to list all services with unquoted paths: Get-WmiObject win32_service | Where-Object { $_.PathName -like '* *' -and $_.PathName -notlike '"*"' } | Select-Object Name, PathName [2]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include quoting the service path for "DJ.UpdateService" to prevent path hijacking. This can be done by editing the service configuration to enclose the executable path in double quotes. Alternatively, restrict write permissions on directories in the service path, especially the root directory (e.g., C:\), to prevent unauthorized users from placing malicious executables. Restart the service after applying these changes to ensure the fix takes effect. [2]

Useful 0 Not Useful 0