Terratec dmx_6fire USB 1.23.0.02 Unquoted Service Path
Terratec dmx_6fire USB version 1.23.0.02 suffers from an unquoted service path vulnerability.
# Exploit Title: Terratec dmx_6fire USB - Unquoted Service Path
# Google Dork: null
# Date: 4/10/2024
# Exploit Author: Joseph Kwabena Fiagbor
# Vendor Homepage: https://dmx-6fire-24-96-controlpanel.software.informer.com/download/
# Software Link:
# Version: v.1.23.0.02
# Tested on: Windows 7-11
# CVE : CVE-2024-31804

1. Description:

The Terratec dmx_6fire usb installs as a service with an unquoted service path running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.

2. Proof

> C:\Users\Astra>sc qc "ttdmx6firesvc"
> [SC] QueryServiceConfig SUCCESS
>
> SERVICE_NAME: ttdmx6firesvc
> TYPE : 10 WIN32_OWN_PROCESS
> START_TYPE : 2 AUTO_START
> ERROR_CONTROL : 1 NORMAL
> BINARY_PATH_NAME : C:\Program Files\TerraTec\DMX6FireUSB\ttdmx6firesvc.exe -service
> LOAD_ORDER_GROUP : PlugPlay
> TAG : 0
> DISPLAY_NAME : DMX6Fire Control
> DEPENDENCIES : eventlog
> : PlugPlay
> SERVICE_START_NAME : LocalSystem
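
A defender-side check for the condition shown in the proof, as an added example that is not part of the original advisory: it parses `sc qc` output, flags services whose unquoted executable path contains a space, and prints the quoted value to set instead. The second service in the sample (`examplesvc`) and all function names are constructed for illustration.

```python
import re

# Constructed sample: the fields quoted in the advisory, plus a made-up,
# correctly quoted service (examplesvc) for contrast.
SAMPLE = r"""
SERVICE_NAME: ttdmx6firesvc
        BINARY_PATH_NAME   : C:\Program Files\TerraTec\DMX6FireUSB\ttdmx6firesvc.exe -service
        SERVICE_START_NAME : LocalSystem
SERVICE_NAME: examplesvc
        BINARY_PATH_NAME   : "C:\Program Files\Example\svc.exe" --run
        SERVICE_START_NAME : LocalSystem
"""

FIELD = re.compile(r"^\s*([A-Z_]+)\s*:\s*(.*\S)\s*$")
# Executable portion ends at the first ".exe" followed by whitespace or end of line.
EXE = re.compile(r"^(.*?\.exe)(?=\s|$)(.*)$", re.IGNORECASE)

def parse_sc_qc(text):
    """Split concatenated `sc qc` output into one dict per service."""
    services, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # status line, blank line or continuation line
        key, value = m.groups()
        if key == "SERVICE_NAME":
            current = {}
            services.append(current)
        if current is not None:
            current[key] = value
    return services

def audit(service):
    """Return (is_unquoted_with_space, quoted_replacement) for BINARY_PATH_NAME."""
    path = service.get("BINARY_PATH_NAME", "")
    if path.startswith('"'):
        return False, path  # already quoted
    m = EXE.match(path)
    exe, args = (m.group(1), m.group(2)) if m else (path, "")
    return " " in exe, f'"{exe}"{args}'

def findings(text):
    """Services whose unquoted executable path contains a space."""
    return [(s["SERVICE_NAME"], s.get("SERVICE_START_NAME"), audit(s)[1])
            for s in parse_sc_qc(text) if audit(s)[0]]

if __name__ == "__main__":
    for name, account, fix in findings(SAMPLE):
        print(f"{name} ({account}): set ImagePath to {fix}")
```

The quoted value is what the service's `ImagePath` registry value (or `sc config <name> binPath= ...`) should contain once corrected.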