12/30/2022

Lenovo modern im controller

In order to analyze this one, we used dnSpy, because the vulnerable executable is based on. We were able to load an arbitrary DLL and execute our code within .Device.exe which was signed by “Lenovo Group Ltd.” and run as NT AUTHORITY\SYSTEM.

We then placed it in the following path and restarted the computer:

C:\Program Files (x86)\Lenovo\ImController\PluginHost\wintrust.dll

The name of the process which loaded it.

In order to test this vulnerability, we compiled an x86 arbitrary DLL which writes the following to the filename of a txt file:

The service then tried to load a missing DLL file (Wintrust.dll)

PoC Demonstration

Once executed, the process tried to load Wintrust.dll from its own directory, instead of SysWOW64:

This vulnerability, preinstalled in many units, could have a widespread impact, with serious consequences for thousands of users.

After the Lenovo System Interface Foundation service started, it executed .Device.exe as NT AUTHORITY\SYSTEM.

In addition to the fact that it is a signed process that runs as NT AUTHORITY\SYSTEM, this service was interesting because it is preinstalled on Windows-based Lenovo PCs. In our exploration, we targeted the Lenovo System Interface Foundation service.

The component is preinstalled on Windows-based Lenovo PCs. Lenovo System Interface Foundation is a necessary component of the following Universal Windows Platform applications:

Note: In order to exploit this vulnerability the attacker needs to have Administrator privileges.

In this post, we will demonstrate how the CVE-2019-6189 vulnerability could have been used in order to achieve defense evasion and persistence by loading an arbitrary unsigned DLL into a signed process that runs as NT AUTHORITY\SYSTEM.

SafeBreach Labs discovered a new vulnerability in Lenovo System Interface Foundation service, which is preinstalled on Lenovo PCs.
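
A detection-side view of the load described in this post, as an added example that is not SafeBreach's or Lenovo's code: it flags a watched system DLL name (here Wintrust.dll) loaded from outside System32/SysWOW64. The record fields are an assumption modelled on Sysmon Event ID 7, `ExampleHost.exe` is a placeholder process name, and the sample events are constructed.

```python
import ntpath  # Windows path rules on any OS, so the sample runs offline anywhere

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
WATCHED_DLLS = {"wintrust.dll"}  # the DLL named in the post; extend as needed
PLUGIN_DIR = r"C:\Program Files (x86)\Lenovo\ImController\PluginHost"

# Constructed sample records; field names are assumed, modelled on Sysmon
# Event ID 7 (ImageLoad). ExampleHost.exe is a placeholder process name.
SAMPLE_EVENTS = [
    {"Image": PLUGIN_DIR + r"\ExampleHost.exe", "User": r"NT AUTHORITY\SYSTEM",
     "ImageLoaded": r"C:\Windows\SysWOW64\WINTRUST.dll", "Signed": "true"},
    {"Image": PLUGIN_DIR + r"\ExampleHost.exe", "User": r"NT AUTHORITY\SYSTEM",
     "ImageLoaded": PLUGIN_DIR + r"\wintrust.dll", "Signed": "false"},
    {"Image": PLUGIN_DIR + r"\ExampleHost.exe", "User": r"NT AUTHORITY\SYSTEM",
     "ImageLoaded": PLUGIN_DIR + r"\plugin.dll", "Signed": "true"},
]

def _dir(path):
    """Directory of a Windows path, normalised for case-insensitive compare."""
    return ntpath.normcase(ntpath.normpath(ntpath.dirname(path)))

def find_shadowed_loads(events, watched=WATCHED_DLLS):
    """Flag watched system DLL names that were loaded from a non-system directory."""
    findings = []
    for ev in events:
        loaded = ev["ImageLoaded"]
        if ntpath.basename(loaded).lower() not in watched:
            continue                      # not a DLL name we track
        if _dir(loaded) in SYSTEM_DIRS:
            continue                      # expected location
        unsigned = ev.get("Signed", "false").lower() != "true"
        findings.append({
            "process": ev["Image"],
            "user": ev.get("User", ""),
            "loaded": loaded,
            "same_dir_as_process": _dir(loaded) == _dir(ev["Image"]),
            "severity": "high" if unsigned else "medium",
        })
    return findings

if __name__ == "__main__":
    for f in find_shadowed_loads(SAMPLE_EVENTS):
        print(f)
```

A signed copy in the application directory is still reported, at lower severity, because the expected load location for this DLL name is the system directory.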