ASUS Control Center Express 01.06.15 Exploit, Unquoted Service Path

# Exploit Title: ASUS Control Center Express 01.06.15 - Unquoted Service Path
Privilege Escalation
# Date: 2024-04-02
# Exploit Author: Alaa Kachouh
# Vendor Homepage:
# Version: Up to 01.06.15
# Tested on: Windows
# CVE: CVE-2024-27673

ASUS Control Center Express Version =< 01.06.15 contains an unquoted
service path which allows attackers to escalate privileges to the system
Assuming attackers have write access to C:\, the attackers can abuse the
Asus service "Apro console service"/apro_console.exe which upon restarting
will invoke C:\Program.exe with SYSTEM privileges.

The binary path of the service alone isn't susceptible, but upon its
initiation, it will execute C:\program.exe as SYSTEM.

Service Name: AProConsoleService
binary impacted: apro_console.exe

# If a malicious payload is inserted into C:\  and service is executed in
any way, this can grant privileged access to the system and perform
malicious activities.

All rights reserved 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD