MobileTrans 4.0.11 Weak Service Permissions

Vendor Name: MobileTransProduct Name: MobileTransVendor Home Page:  https://mobiletrans.wondershare.com/Affected Version(s): MobileTrans version 4.0.11Vulnerability Type: Weak Service Permissions (CWE-276)CVE Reference: CVE-2023-31748Security Researcher: Thurein SoeVulnerability description:MobileTrans is World 1 mobile-to-mobile file transferapplication.MobileTrans version 4.0.11 was being suffered a weak servicepermission vulnerability that allows a normal window user to elevate tolocal admin. The "ElevationService" service name was installed, while theMobileTrans version 4.0.11 was installed in the window option system. Theservice "ElevationService" allows the local user to elevate to the localadmin. Effectively, the local user is able to elevate to local admin.C:\Users\HninKayThayar\Desktop>sc qc ElevationService[SC] QueryServiceConfig SUCCESSSERVICE_NAME: ElevationService        TYPE               : 10  WIN32_OWN_PROCESS        START_TYPE         : 2   AUTO_START        ERROR_CONTROL      : 1   NORMAL        BINARY_PATH_NAME   : C:\Program Files(x86)\Wondershare\MobileTrans\ElevationService.exe        LOAD_ORDER_GROUP   :        TAG                : 0        DISPLAY_NAME       : Wondershare Driver Install Service help        DEPENDENCIES       :        SERVICE_START_NAME : LocalSystemC:\Users\HninKayThayar\Desktop>cacls "C:\Program Files(x86)\Wondershare\MobileTrans\ElevationService.exe"C:\Program Files (x86)\Wondershare\MobileTrans\ElevationService.exeEveryone:(ID)F                                                                    NTAUTHORITY\SYSTEM:(ID)FBUILTIN\Administrators:(ID)FBUILTIN\Users:(ID)RAPPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(ID)RAPPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(ID)R