Wowza Streaming Engine 4.5.0 Local Privilege Escalation

Title: Wowza Streaming Engine 4.5.0 Local Privilege Escalation
Advisory ID: ZSL-2016-5339
Type: Local
Impact: Privilege Escalation
Risk: (3/5)
Release Date: 19.07.2016
Summary
Wowza Streaming Engine is robust, customizable, and scalable server software that powers reliable video and audio streaming to any device. Learn the benefits of using Wowza Streaming Engine to deliver high-quality live and on-demand video content to any device.
Description
Wowza Streaming Engine suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Everyone' group. In combination with insecure file permissions the application suffers from an unquoted search path issue impacting the services 'WowzaStreamingEngine450' and 'WowzaStreamingEngineManager450' for Windows deployed as part of Wowza Streaming software.
Vendor
Wowza Media Systems, LLC. - https://www.wowza.com
Affected Version
Wowza Streaming Engine 4.5.0 (build 18676)
Wowza Streaming Engine Manager 4.5.0 (build 18676)
Tested On
Microsoft Windows 7 Ultimate SP1 (EN)
Java Version: 1.8.0_77
Java VM Version: 25.77-b03
Java Architecture: 64
Vendor Status
[03.07.2016] Vulnerability discovered.
[09.07.2016] Contact with the vendor.
[18.07.2016] No response from the vendor.
[19.07.2016] Public security advisory released.
PoC
wowza_lprivs.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://www.exploit-db.com/exploits/40132/
[2] https://packetstormsecurity.com/files/137971
[3] https://cxsecurity.com/issue/WLB-2016070155
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/115122
Changelog
[19.07.2016] - Initial release
[22.07.2016] - Added reference [1], [2] and [3]
[26.07.2016] - Added reference [4]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk