CVE-2017-3141

HIGH

BIND 9.2.6-P2-9.11.1 - Privilege Escalation via Unquoted Service Path

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-3141. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This is a writeup describing a privilege escalation vulnerability in BIND9 due to an unquoted service path. The attacker can place a malicious executable named 'Program.exe' in the service path to execute code under different privileges.

Description

The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.

Exploits (1)

exploitdb WRITEUP

by hyp3rlinx · textlocalwindows

https://www.exploit-db.com/exploits/42121

View Code ZIP pw:eip

This is a writeup describing a privilege escalation vulnerability in BIND9 due to an unquoted service path. The attacker can place a malicious executable named 'Program.exe' in the service path to execute code under different privileges.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: BIND9 v9.10.5

Auth required

Prerequisites: Local access to the system · Ability to place a malicious executable in the service path

MITRE ATT&CK