Jc0818

**Name of the Vulnerable Software and Affected Versions** SevenCs ORCA G2 version 2.0.1.35 (EC2007 Kernel v5.22) **Description** A local privilege escalation issue exists due to a Time-of-Check Time-of-Use (TOCTOU) race condition in the license management logic. The `regService` process, running with SYSTEM privileges, creates a fixed directory and writes files without verifying if the path is an NTFS reparse point. An attacker can replace the target directory with a junction pointing to a user-controlled path, causing the SYSTEM-level process to write binaries to a location controlled by the attacker, enabling arbitrary code execution with SYSTEM privileges. This can be exploited by a standard user with a single User Account Control (UAC) confirmation. **Recommendations** Update to a newer version that contains a fix for this vulnerability.