Therealjoedoran

**Name of the Vulnerable Software and Affected Versions** Corsair Utility Engine (affected versions not specified) **Description** The issue is related to the CorsairService Service in Corsair Utility Engine, which has insecure default permissions. This allows unprivileged local users to execute arbitrary commands by modifying the `BINARY PATH NAME` of the CorsairService, resulting in complete control of the affected system. The problem arises from the Windows "Everyone" group being granted `SERVICE ALL ACCESS` permissions to the CorsairService Service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.