Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29393
HistoryMay 10, 2013 - 12:00 a.m.

Re: Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512 [continued]

2013-05-1000:00:00
vulners.com
16
JSON

On Sunday, May 05, 2013 10:13 PM I wrote:

> Hi @ll,
>
> Fujitsus <http://www.fsc-pc.de/&gt; factory preinstallation (as
> found on a Fujitsu Lifebook A512 purchased a month ago) of
> Windows 8 Professional x64 (I'm VERY confident that other
> variants of Fujitsu's Windows 8 factory installation are just
> the like) has the following vulnerabilities which can lead to
> code execution in the context of the LocalSystem account.
>
>
> A. Command lines with unquoted paths containing spaces:

[…]

and missed some more REALLY nice vulnerabilities (just like the one
Microsoft fixed with <https://support.microsoft.com/kb/2781197&gt;
alias <http://technet.microsoft.com/security/bulletin/ms13-034&gt;,
which of course is present too).

A.6: TWO vulnerabilities in the preinstalled services from Fujitsu:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PFNService]
"ImagePath"=expand:"C:\\Program Files\\Fujitsu\\Plugfree NETWORK\\PFNService.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PowerSavingUtilityService]
"ImagePath"=expand:"C:\\Program Files\\Fujitsu\\PSUtility\\PSUService.exe"

A.7: SIX vulnerabilities in the preinstalled services from Intel:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMPPALR3]
"ImagePath"=expand:"C:\\Program Files\\Intel\\BluetoothHS\\BTHSAmpPalService.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EvtEng]
"ImagePath"=expand:"C:\\Program Files\\Intel\\WiFi\\bin\\EvtEng.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jhi_service]
"ImagePath"=expand:"C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\DAL\\jhi_service.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LMS]
"ImagePath"=expand:"C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWiFiDHCPDNS]
"ImagePath"=expand:"C:\\Program Files\\Intel\WiFi\\bin\\PanDhcpDns.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegSrvc]
"ImagePath"=expand:"C:\\Program Files\\Common Files\\Intel\\WirelessCommon\RegSrvc.exe"

JFTR: two other services of Intel don't show this vulnerability!

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHSSecurityMgr]
"ImagePath"=expand:"""C:\\Program Files\\Intel\\BluetoothHS\\BTHSSecurityMgr.exe"""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UNS]
"ImagePath"=expand:"""C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\UNS\\UNS.exe"""

Stefan Kanthak

JSON