CVE-2017-7884

Name of the Vulnerable Software and Affected Versions APC UPS Daemon versions through 3.14.14

Description The default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges. This is possible by replacing the service executable apcupsd.exe with a malicious executable that will run with SYSTEM privileges at startup, due to "RW NT AUTHORITYAuthenticated Users" permissions for %SYSTEMDRIVE%apcupsdbinapcupsd.exe.

Recommendations For APC UPS Daemon versions through 3.14.14, consider restricting write access to the %SYSTEMDRIVE%apcupsdbinapcupsd.exe file to prevent replacement with a malicious executable. As a temporary workaround, monitor the integrity of the apcupsd.exe file to detect any unauthorized changes.