# Exploit Title: Cobian Backup Service < 11 - Unquoted Service Path
# Discovery by: yunaranyancat
# Discovery Date: October 2020
# Vendor Homepage: https://www.cobiansoft.com/
# Software Link : https://files.cobiansoft.com/programs/cbSetup.exe
# Tested Version: 11
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10

# Info

It has been observed that the Cobian Backup service, version 11 and earlier, suffers from an unquoted service path vulnerability.

# Vulnerability discovery:

Registry value : HKLM\SYSTEM\ControlSet001\Services\CobianBackup11

# Service info:

C:\>sc qc CobianBackup11
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: CobianBackup11
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   Normal
        BINARY_PATH_NAME   : C:\Program Files (x86)\Cobian Backup 11\cbService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Cobian Backup 11 Gravity
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

# Exploit:

This vulnerability could permit executing code during startup or reboot with escalated privileges.
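
# Detection (added example)

The following audit check is an added example, not part of the original advisory or of Cobian's code: it parses `sc qc` output, flags a BINARY_PATH_NAME whose executable portion contains spaces but is not quoted, and returns the quoted value a fix would set. The function names are hypothetical and the sample input is the service output above, abridged.

```python
import re

# `sc qc` output as shown in this advisory (abridged: empty fields dropped).
SC_QC_OUTPUT = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: CobianBackup11
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   Normal
        BINARY_PATH_NAME   : C:\Program Files (x86)\Cobian Backup 11\cbService.exe
        DISPLAY_NAME       : Cobian Backup 11 Gravity
        SERVICE_START_NAME : LocalSystem
"""

def parse_sc_qc(text):
    """Parse `sc qc` output into a {FIELD: value} dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_]+)\s*:\s?(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def audit_image_path(image_path):
    """Return (flagged, quoted_value) for a service binary path."""
    path = image_path.strip()
    if path.startswith('"'):
        return False, path                      # already quoted
    m = re.match(r"(.+?\.exe)(?=\s|$)(.*)$", path, re.IGNORECASE)
    if not m:
        return False, path                      # no .exe image; out of scope here
    exe, args = m.group(1), m.group(2)
    if " " not in exe:
        return False, path                      # spaces only in the arguments
    return True, f'"{exe}"{args}'               # value to set after remediation

def audit_sc_qc(text):
    """Audit one service from `sc qc` output."""
    f = parse_sc_qc(text)
    flagged, fix = audit_image_path(f.get("BINARY_PATH_NAME", ""))
    return {"service": f.get("SERVICE_NAME"), "account": f.get("SERVICE_START_NAME"),
            "flagged": flagged, "quoted_path": fix}

if __name__ == "__main__":
    print(audit_sc_qc(SC_QC_OUTPUT))
```

The returned quoted_path is the value the service's ImagePath should hold after remediation; the account field shows which identity the service starts as.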