Forum Discussion
Apr 29, 2022
Windows Unquoted Service Path Enumeration - Is this still a case in modern Windows (10, 11) ?
Hi Folks, This could be irrelevant as the issue goes back a few years and Microsoft may have already fixed it, but I just wanted to verify/confirm. Windows Unquoted Path Enumeration vulnerabilit...
- May 04, 2022 The above response is the latest on this, as I could not fetch anything specific to Microsoft on this. This script does a fantastic job of fixing the paths if there are any, so if you happen to have this issue, it'd be really handy (hats off to those who contributed to this project!) - https://github.com/VectorBCO/windows-path-enumerate/
akashAhuja
Apr 26, 2023 Copper Contributor
I managed to replicate this. Just copy 'calc.exe' to your c:\ and rename it as 'documents.exe' and another copy as 'program.exe'.
Now every time you restart your computer, a calculator will open up.
This happens because startup processes look for "C:\Program Files\*" but end up running "C:\program.exe" with the rest of the code items as arguments.
In reality, if someone malicious gets access to such an extent that they are able to place an executable on your c: drive, I call that checkmate anyways.
juan21352
Apr 26, 2023 Copper Contributor
Yes, locating the key under HKLM... Service, I was able to manually add the quotes; this can also be applied via GPO to add quotes by updating a string
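
An audit check for the condition discussed in this thread, as an added example (not code from any poster or from the linked script): it takes service `ImagePath` strings, flags the ones that are unquoted and contain a space in the executable path, and returns the quoted value to write back. The service names and paths are constructed samples, and the "first `.exe` ends the executable" rule is a heuristic assumption.

```python
import re

# Heuristic (assumption): the executable portion ends at the first ".exe"
# that is followed by whitespace or by the end of the string.
_EXE = re.compile(r'^(?P<exe>.*?\.exe)(?P<args>\s.*)?$', re.IGNORECASE)


def audit_image_path(image_path):
    """Classify one ImagePath string; return (finding, suggested_value)."""
    value = image_path.strip()
    if value.startswith('"'):
        return ("ok-quoted", value)            # already quoted
    match = _EXE.match(value)
    if not match:
        return ("skipped-not-exe", value)      # e.g. kernel drivers (.sys)
    exe, args = match.group("exe"), match.group("args") or ""
    if " " not in exe:
        return ("ok-no-spaces", value)         # nothing ambiguous to split on
    # Unquoted and the executable path contains a space: quote only the
    # executable, leaving the arguments untouched.
    return ("unquoted", f'"{exe}"{args}')


def find_unquoted(services):
    """Map service name -> corrected ImagePath for every flagged service."""
    fixes = {}
    for name, path in services.items():
        finding, suggestion = audit_image_path(path)
        if finding == "unquoted":
            fixes[name] = suggestion
    return fixes


# Constructed sample data (hypothetical service names and paths).
SAMPLE = {
    "ExampleUpdater": r"C:\Program Files\Example Vendor\updater.exe /svc",
    "ExampleAgent": r'"C:\Program Files\Example Vendor\agent.exe" --run',
    "SvcHostStyle": r"%SystemRoot%\System32\svchost.exe -k netsvcs",
    "ExampleDriver": r"\SystemRoot\System32\drivers\example.sys",
}

if __name__ == "__main__":
    for service, fixed in find_unquoted(SAMPLE).items():
        print(f"{service}: set ImagePath to {fixed}")
```
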