A local privilege escalation vulnerability exists in the Go Pro Fusion Studio version 1.2. Go Pro Fusion Studio is a specially designed editing software that incorporates all footage editing and modifying features specifically for media created using the Go Pro camera range. Both the Go Pro cameras and the Go Pro Fusion Studio are products of Go Pro, Inc. The editing platform can be downloaded from the vendor’s website and installed on Microsoft’s Windows operating system and Apple’s MacOSX.
The vulnerability was discovered by Humberto Cabrera in version 220.127.116.110 of the Go Pro Fusion Studio on Microsoft Windows 10 Professional on the 27th of August, 2018. The vendor was contacted the same day but there was no response up till the 3rd of September as reported by Cabrera. The current affected version of Go Pro Fusion Studio was released on the 5th of June, 2018, for both Windows and MacOSX. A new version is expected to resolve this security concern but there is no definitive information on when this version will be developed or hit the market as the vendor has remained silent up till now.
According to preliminary analysis of the vulnerability by Zero Science Lab, Go Pro Fusion Studio “suffers from an unquoted search path issue impacting the service ‘GoProFusionDeviceDetectionService’ for Windows deployed as part of GoPro Fusion Studio App solution.“ As this vulnerability is not remotely exploitable, it requires that someone have access of the native device to escalate privileges on the system. This means that a non-authorized user working on the device could potentially exploit this vulnerability through arbitrary code execution.
That being said, exploiting this vulnerability requires that the malicious attacker sneak the code containing file in the system root path without getting caught or challenged by the operating system or any local security mechanism like an antivirus software in the process. The code needs to be inserted so that it can be run when Go Pro Fusion Studio is run. Once the software is run, the inserted code would allow the user to carry on with elevated privileges of the application.