Privacy Drive Unquoted Service Path Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in Privacy Drive version 3.17.0. The issue arises from an unquoted service path for the 'pdsvc.exe' service binary: because the path is not enclosed in quotes, Windows can resolve it ambiguously when the service starts. A local attacker who can place a malicious executable in one of the directories along the unquoted path can execute arbitrary code with LocalSystem privileges during service startup or system reboot.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing local attackers to execute code with elevated rights.

Reproduction

The vulnerability can be reproduced by placing a malicious executable in the directory path specified by the unquoted service path of 'pdsvc.exe'. This can be done manually or through a script. Once the executable is in place, the service can be restarted or the system can be rebooted, at which point the malicious code will be executed with LocalSystem privileges.
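
To audit a host for the condition described above, the following added example (not part of the original advisory or the vendor's code) flags service paths that are unquoted and contain spaces, and lists the locations Windows would try first so their directory permissions can be reviewed. The function name, the sample service names and the sample paths are constructed placeholders; the advisory does not give the actual install path of 'pdsvc.exe'.

```powershell
# Added example: audit for unquoted service paths (defensive check).
# Get-UnquotedPathCandidates is a hypothetical helper name, not a built-in cmdlet.
function Get-UnquotedPathCandidates {
    param([string]$ImagePath)

    $p = "$ImagePath".Trim()
    # A path that begins with a quote is parsed unambiguously.
    if ($p.StartsWith('"')) { return @() }

    # Isolate the executable portion, dropping any trailing arguments.
    $m = [regex]::Match($p, '(?i)^(.*?\.exe)(\s|$)')
    if (-not $m.Success) { return @() }

    # At each space, Windows may stop and try "<prefix>.exe" before going on.
    $parts = $m.Groups[1].Value -split ' '
    $candidates = @()
    for ($i = 1; $i -lt $parts.Count; $i++) {
        $candidates += (($parts[0..($i - 1)] -join ' ') + '.exe')
    }
    return $candidates
}

# Constructed sample service paths, so the check can be read and run offline.
$samples = [ordered]@{
    'ExampleSvcUnquoted' = 'C:\Program Files\Example Vendor\Example App\svc.exe'
    'ExampleSvcQuoted'   = '"C:\Program Files\Example Vendor\Example App\svc.exe" -run'
    'ExampleSvcNoSpaces' = 'C:\Windows\System32\svchost.exe -k netsvcs'
}
foreach ($name in $samples.Keys) {
    $c = @(Get-UnquotedPathCandidates $samples[$name])
    [pscustomobject]@{
        Service    = $name
        Ambiguous  = ($c.Count -gt 0)
        Candidates = ($c -join '; ')
    }
}

# On a real host: run the same check over every installed service.
Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $c = @(Get-UnquotedPathCandidates $_.PathName)
    if ($c.Count -gt 0) {
        [pscustomobject]@{
            Service = $_.Name; RunsAs = $_.StartName
            PathName = $_.PathName; Candidates = ($c -join '; ')
        }
    }
}
```

Only the first sample is reported as ambiguous. A finding is corrected by enclosing the executable path in quotes in the service configuration and by confirming that standard users cannot write to the parent directories of the listed candidates.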

Added: May 16, 2026, 4:37 PM
Updated: May 16, 2026, 4:37 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 4.2
remediation: 0.0
relevance: 8.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.