CVE-2009-4606

WebDrive 9.02 build 2232 - Unauthenticated Command Execution via Service Config

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4606. PoCs published by Trancer.

AI-analyzed exploit summary This exploit leverages a bad security descriptor in South River Technologies WebDrive Service to escalate privileges locally by modifying the service's binary path to execute a malicious payload. It includes mitigation steps to correct the security descriptor.

Description

South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.

Exploits (1)

exploitdb WORKING POC

by Trancer · rubylocalwindows

https://www.exploit-db.com/exploits/11264

View Code ZIP pw:eip

This exploit leverages a bad security descriptor in South River Technologies WebDrive Service to escalate privileges locally by modifying the service's binary path to execute a malicious payload. It includes mitigation steps to correct the security descriptor.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: South River Technologies WebDrive 9.02 build 2232

Auth required

Prerequisites: Local access to the target system · WebDrive service running with vulnerable security descriptor

MITRE ATT&CK