Closed: itm4n closed this issue 3 weeks ago
Issue fixed with commit 61d557422d369a8c54239889bcee9a5e8db87abf.
The parsing of the command line is now delegated to the system using the API CommandLineToArgvW, instead of trying to parse it manually. As a result, the above example is interpreted as a single file path, and no longer results in a false positive.
Under specific conditions, the function Invoke-ServicesImagePermissionsCheck incorrectly reports some service binary permissions as vulnerable. Below is an example when the script is executed while the current directory is C:\Users\USERNAME. It identifies Desktop as a token to check, finds that the path C:\Users\USERNAME\Desktop exists, and is writable. Therefore, it reports the service as vulnerable.
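The false positive described in the report and the fix described in the closing comment can be reproduced side by side. This is an added example, not code from PrivescCheck: the whitespace split is only a stand-in for manual parsing (the project's former parser is not shown on this page), and the `Demo.Native` type, the helper function names and the sample ImagePath are constructed for illustration.

```powershell
# Added example; Demo.Native, the helper names and the sample ImagePath are constructed.
Add-Type -Namespace Demo -Name Native -MemberDefinition @'
[DllImport("shell32.dll", SetLastError = true)]
public static extern IntPtr CommandLineToArgvW(
    [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs);
[DllImport("kernel32.dll")]
public static extern IntPtr LocalFree(IntPtr hMem);
'@

function ConvertTo-Argv {
    param([Parameter(Mandatory)][string]$CommandLine)
    $argc = 0
    $argv = [Demo.Native]::CommandLineToArgvW($CommandLine, [ref]$argc)
    if ($argv -eq [IntPtr]::Zero) {
        $code = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "CommandLineToArgvW failed, error $code"
    }
    try {
        # argv is an array of $argc pointers to null-terminated UTF-16 strings
        for ($i = 0; $i -lt $argc; $i++) {
            $p = [Runtime.InteropServices.Marshal]::ReadIntPtr($argv, $i * [IntPtr]::Size)
            [Runtime.InteropServices.Marshal]::PtrToStringUni($p)
        }
    } finally {
        [void][Demo.Native]::LocalFree($argv)  # one call releases the whole block
    }
}

function Get-TokenReport {
    param([string[]]$Token)
    foreach ($t in $Token) {
        $rooted = [System.IO.Path]::IsPathRooted($t)
        # A relative token is resolved against the current directory
        $full = if ($rooted) { $t } else { Join-Path (Get-Location).Path $t }
        [pscustomobject]@{ Token = $t; Rooted = $rooted; ResolvesTo = $full
                           Exists = Test-Path -LiteralPath $full }
    }
}

# Constructed ImagePath: the quoted executable path contains the word "Desktop"
$imagePath = '"C:\Program Files\Remote Desktop Agent\agent.exe" --service'

# Stand-in for manual parsing: split on whitespace, drop the quotes
$naive = $imagePath -split '\s+' | ForEach-Object { $_.Trim('"') }
Get-TokenReport $naive | Format-Table -AutoSize

# System parsing: argv[0] is the whole quoted path, so only that file is checked
$argv = @(ConvertTo-Argv $imagePath)
Get-TokenReport $argv[0] | Format-Table -AutoSize
```

Run from `C:\Users\USERNAME`, the first table contains a `Desktop` row that is not rooted and resolves to `C:\Users\USERNAME\Desktop` with `Exists` set to `True`; the second table has a single rooted row for the full executable path.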