January 30, 2024

Privilege Escalation Flaw Found in GoPro Fusion Studio 1.2

By Prescient Security · 1 minute read

Summary:
GoPro Fusion Studio is a feature rich editing software that allows you to transform your content into pro-quality videos.

Description:
Unquoted privilege escalation that allows a user to gain system privileges. The service runs as system which allows a non-privileged user to launch a binary under those privileges by replacing the executable launched by the service.

Date - 27 Aug 2018
Version: GoPro Fusion Studio 1.2
URL: https://shop.gopro.com/softwareandapp/gopro-fusion-studio-app/fusion-studio.html
Tested on: Win 10 Pro

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: GoProFusionDeviceDetectionService

TYPE: 10 WIN32_OWN_PROCESS

START_TYPE: 2 AUTO_START

ERROR_CONTROL: 1 NORMAL

BINARY_PATH_NAME: C:\Program Files\GoPro\Fusion Studio 1.2\GoProFusionDeviceDetection.exe

LOAD_ORDER_GROUP:

TAG: 0

DISPLAY_NAME: GoProFusionDeviceDetectionService

DEPENDENCIES:

SERVICE_START_NAME: LocalSystem

C:\Program Files\GoPro\Fusion Studio 1.2\GoProFusionDeviceDetection.exe

Humberto Cabrera, Senior Security Consultant
http://zeroscience.mk

Privilege Escalation Flaw Found in GoPro Fusion Studio 1.2

Related posts

Privilege Escalation Flaw: Manage Engine Op Manager

Being Compliant isn't always Being Secure

OWASP AppSec 2018 Review

Audit Services

Security Assessments

Federal Assessments

Privacy

Penetration Testing Services

Resources

The Prescient Advantage