Farid Ayoujil

**Name of the Vulnerable Software and Affected Versions** PyInstaller versions prior to 3.6 **Description** A local privilege escalation issue is present in Windows software frozen by PyInstaller in "onefile" mode, when launched by a privileged user with a "TempPath" resolving to a world writable directory, such as C:WindowsTemp. This can occur when the software is launched as a service or scheduled task using a system account. The software must be restarted after the attacker launches the exploit program for exploitation to be possible. **Recommendations** For PyInstaller versions prior to 3.6, upgrade to PyInstaller version 3.6 and rebuild the software to resolve the issue. As a temporary workaround, consider avoiding the use of "onefile" mode for Windows software frozen by PyInstaller until a patch is applied. Restrict access to world writable directories, such as C:WindowsTemp, to minimize the risk of exploitation.