
ASUS Control Center Express =< 01.06.15 - Unquoted Service Path


ASUS Control Center Express =< 01.06.15 - Unquoted Service Path


ASUS Control Center Express Version =< 01.06.15 contains an unquoted service path which allows attackers to escalate privileges to the system level. Assuming attackers have write access to C:, the attackers can abuse the Asus service "Apro console service"/apro_console.exe which upon restarting will invoke C:\Program.exe with SYSTEM privileges.

The binary path of the service alone isn't susceptible, but upon its initiation, it will execute C:\program.exe as SYSTEM.

Impacted service(s)

Service Name: AProConsoleService

binary impacted: apro_console.exe


Alt text


In case of a poorly configured system, where a low privileged user could write to C:\ directory, they could use it to elevate their privileges to SYSTEM.

Discovered by:

Alaa Kachouh