CVE-2009-4606

Name of the Vulnerable Software and Affected Versions South River Technologies WebDrive version 9.02 build 2232

Description The issue allows local users to manipulate the WebDrive Service, which was installed without a security descriptor. This enables users to stop the service, execute arbitrary commands as SYSTEM by modifying the binPath variable using the config command, or restart the service.

Recommendations For version 9.02 build 2232, consider setting a proper security descriptor for the WebDrive Service to restrict unauthorized access and modifications. As a temporary workaround, restrict access to the service's configuration to minimize the risk of exploitation.