2020-06-26 18:35:26
mitre
PUBLISHED
IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITYAuthenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService that runs as LocalSystem. Thus, any standard user can escalate privileges to NT AUTHORITYSYSTEM by substituting the services binary with a malicious one.