CVE-2017-7180

Published: 08/06/2017 Updated: 25/05/2021
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.3 | Impact Score: 5.9 | Exploitability Score: 1.3
VMScore: 695
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Net Monitor for Employees Pro up to and including 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application.
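To audit for this condition, the added example below (not part of the advisory or the vendor's code) lists, for each service command line, the executables Windows would try before the intended binary when the path is unquoted, and produces the quoted form that removes the ambiguity. The service names and paths are constructed; on a real host the strings come from each service's ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services. Treating the first ".exe" as the end of the executable is a simplifying assumption.

```python
"""Audit service ImagePath strings for the unquoted-path ambiguity."""

def split_exe(image_path):
    """Split an unquoted command line into (executable, arguments).
    Assumption: the executable ends at the first '.exe' (case-insensitive)."""
    cmd = image_path.strip()
    end = cmd.lower().find(".exe")
    if end == -1:
        return cmd, ""
    return cmd[:end + 4], cmd[end + 4:].strip()

def candidate_executables(image_path):
    """Return, in order, the paths tried before the intended binary."""
    if image_path.lstrip().startswith('"'):
        return []  # quoted path: the file name is unambiguous
    exe, _ = split_exe(image_path)
    found = []
    for i, ch in enumerate(exe):
        # Every space is a point where CreateProcess may end the file name
        # and append ".exe" (C:\Program Files\... -> C:\Program.exe).
        if ch == " " and not exe[:i].endswith(" "):
            found.append(exe[:i] + ".exe")
    return found

def quoted_form(image_path):
    """Return the command line with the executable wrapped in quotes."""
    if image_path.lstrip().startswith('"'):
        return image_path
    exe, args = split_exe(image_path)
    return f'"{exe}"' + (f" {args}" if args else "")

def audit(services):
    """Map each affected service name to its list of shadowing candidates."""
    return {name: cands for name, path in services.items()
            if (cands := candidate_executables(path))}

# Constructed sample data (hypothetical service names and install paths).
SERVICES = {
    "ExampleAgent": r"C:\Program Files (x86)\Example Vendor\Agent Service\agent.exe /service",
    "QuotedAgent": r'"C:\Program Files\Example Vendor\agent.exe" /service',
    "NoSpaces": r"C:\Windows\system32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, cands in audit(SERVICES).items():
        print(f"{name}: unquoted ImagePath; check that these do not exist "
              f"and that their parent directories are not user-writable:")
        for path in cands:
            print(f"  {path}")
        print(f"  fix -> {quoted_form(SERVICES[name])}")
```

Each candidate path is a file whose presence or writability should be checked, and rewriting ImagePath to the quoted form is the remediation.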

Vulnerable Product

eduiq net monitor for employees

Exploits

# Exploit Title: Unquoted Service Path Privilege Escalation - Net Monitor for Employees Pro <= 5.3.4
# Date: 18/03/2017
# Exploit Author: Saeid Atabaki
# E-Mail: bytecod3r <at> gmail.com, saeid <at> Nsecurity.org
# Linkedin: www.linkedin.com/in/saeidatabaki
# Vendor Homepage: networklookout.com/
# Version: <= 5.3.4
...

Net Monitor for Employees Pro versions prior to 5.3.4 suffer from an unquoted service path privilege escalation vulnerability ...