Categories: Vulnerabilities

Global Registration Service 1.0.0.3 – ‘GREGsvc.exe’ Unquoted Service Path

Published by
RiSec.Mitch

Date: 2020-12-01

CVE: N/A

Platform: WIN

# Exploit Title: Global Registration Service 1.0.0.3 - 'GREGsvc.exe'  Unquoted Service Path
# Discovery by: Emmanuel Lujan
# Vendor Homepage: https://www.acer.com/ac/en/US/content/home
# Tested Version: 1.0.0.3
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 7 Home Premium x64 

# Step to discover Unquoted Service Path: 

C:\>wmic service get name, pathname, displayname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\" | findstr /i /v """

GREGService                                                             GREGServ
ice                                   C:\Program Files (x86)\Acer\Registration\G
REGsvc.exe                                                Auto

# Service info:

C:\>sc qc GregService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: GREGService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START  
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : GREGService
        DEPENDENCIES       :                            
        SERVICE_START_NAME : LocalSystem

#Exploit:

A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
Bookmark
Please login to bookmark Close
Social Comments Box
Share the word, let's increase Cybersecurity Awareness as we know it

This post was last modified on 3 March 2022 7:11 PM

RiSec.Mitch

Just your average information security researcher from Delaware US.

Leave a Comment
Published by
RiSec.Mitch
Tags: exploit-db Global Registration service exploit

Recent Posts

  • Data Breach News
  • InfoSec News

WH Smith Announces Cyber-Attack: Employee Data Stolen

British high street chain WH Smith has recently revealed that it was hit by a…

2 years ago
  • InfoSec News
  • World Affairs

Voice ID: How Secure is it Really?

As banks worldwide roll out Voice ID as a means of user authentication over the…

2 years ago
  • Cybersecurity Academy
  • InfoSec News

What distinguishes Application Security from API Security?

In the era of digital transformation, cybersecurity has become a major concern for businesses. When…

2 years ago
  • Cybersecurity Academy
  • InfoSec News

The Top 5 Cybersecurity threats facing Businesses Today

In today's digital age, cybersecurity threats have become a significant concern for businesses of all…

2 years ago
  • InfoSec News
  • World Affairs

Enterprise users infected by RIG Exploit Kit thanks to Internet Explorer

The RIG Exploit Kit is currently in the midst of its most productive phase, attempting…

2 years ago
  • Cybersecurity Academy

The Rise and Rise of AI

One of the most transformational technologies of our time, artificial intelligence (AI), has quickly come…

2 years ago