PT-2020-13510 · Smartdraw · Smartdraw 2020

Published: 2020-05-27 · Updated: 2020-06-01 · CVE-2020-13386

CVSS v3.1: 8.2 (High)
Vector: AC:L/AV:L/A:H/C:H/I:H/PR:L/S:C/UI:R
Name of the Vulnerable Software and Affected Versions

SmartDraw 2020 version 27.0.0.0

Description

The issue arises from the installer granting inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. When the product is installed, two scheduled tasks, SDMsgUpdate (Local) and SDMsgUpdate (TE), are created to run in the context of the user who installed the product. Both tasks attempt to run the SDNotify.exe binary located in the "C:\SmartDraw 2020\Messages" folder. Because neither this folder nor the SDNotify.exe binary exists by default, a malicious actor can create them thanks to the weak folder permissions. As a result, a malicious SDNotify.exe binary is run automatically whenever the user who installed the product logs on to the machine. The malicious binary could potentially create a new local administrator account on the machine.

Recommendations

For SmartDraw 2020 version 27.0.0.0, restrict write permissions on the SmartDraw 2020 installation folder to prevent unauthorized modification. As a temporary workaround, monitor the "C:\SmartDraw 2020\Messages" folder for creation of an SDNotify.exe binary and block its execution until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
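The following audit script is an added example for defenders and is not part of the PT advisory or of SmartDraw's own tooling. It assumes the default installation path C:\SmartDraw 2020 and the task and binary names quoted above; the low-privilege group list, the function names and the -Remediate switch are this example's own choices. It checks the installation folder ACL for write-capable ACEs granted to low-privilege groups, resolves the two scheduled tasks' target executables and reports whether they exist (and, if they do, their owner and Authenticode status), and only when asked replaces the weak grants with read/execute. Run it in an elevated PowerShell session.

```powershell
# Audit for the CVE-2020-13386 pattern: user-writable install folder plus a scheduled task
# that points at a binary which does not exist yet. Added example, not vendor code.
[CmdletBinding()]
param(
    [string]$InstallDir = 'C:\SmartDraw 2020',                           # assumed default path
    [string[]]$TaskNames = @('SDMsgUpdate (Local)', 'SDMsgUpdate (TE)'),  # names from the advisory
    [switch]$Remediate                                                   # audit only unless set
)

# Groups whose write access to a folder executed from a scheduled task is a finding (own choice).
$lowPrivGroups = @('NT AUTHORITY\Authenticated Users', 'BUILTIN\Users', 'Everyone')

function Test-WeakFolderAcl {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    $acl = Get-Acl -LiteralPath $Path
    # Report every Allow ACE for a low-privilege group that carries Write/Modify/FullControl.
    # A raw generic-rights mask renders as a plain number, so it is flagged as well.
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $lowPrivGroups -contains $_.IdentityReference.Value -and
        ($_.FileSystemRights -match 'Write|Modify|FullControl|^\d+$')
    }
}

function Get-TaskTargets {
    param([string[]]$Names)
    foreach ($n in $Names) {
        $t = Get-ScheduledTask -TaskName $n -ErrorAction SilentlyContinue
        if ($null -eq $t) { Write-Warning "task '$n' not present on this host"; continue }
        foreach ($a in $t.Actions) {
            # Execute holds the program path; strip quotes and expand %VAR% references.
            $exe = [Environment]::ExpandEnvironmentVariables(($a.Execute).Trim('"'))
            [pscustomobject]@{
                Task    = $n
                RunAs   = $t.Principal.UserId
                Execute = $exe
                Exists  = Test-Path -LiteralPath $exe
            }
        }
    }
}

Write-Host "== ACL check on $InstallDir =="
$weak = @(Test-WeakFolderAcl -Path $InstallDir)
if ($weak.Count -gt 0) {
    $weak | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
} else {
    Write-Host 'no write-capable ACEs for low-privilege groups found'
}

Write-Host '== Scheduled task targets =='
$targets = @(Get-TaskTargets -Names $TaskNames)
$targets | Format-Table -AutoSize
foreach ($tg in $targets) {
    if (-not $tg.Exists) {
        # Missing target under a user-writable tree is exactly the precondition in the advisory.
        $parent = Split-Path -Parent $tg.Execute
        Write-Warning "$($tg.Task): target '$($tg.Execute)' does not exist; '$parent' must not be writable by low-privilege users"
    } else {
        # Target present: record owner and signature status, the two facts a hunt for a
        # planted SDNotify.exe would look at first.
        $owner = (Get-Acl -LiteralPath $tg.Execute).Owner
        $sig   = (Get-AuthenticodeSignature -FilePath $tg.Execute).Status
        Write-Host "$($tg.Task): '$($tg.Execute)' exists, owner=$owner, signature=$sig"
    }
}

if ($Remediate -and $weak.Count -gt 0) {
    # If the weak ACE is inherited from a parent, convert inherited ACEs to explicit ones first
    # (icacls /inheritance:d), otherwise the replacement below would be shadowed.
    if ($weak | Where-Object { $_.IsInherited }) {
        & icacls "$InstallDir" /inheritance:d | Out-Null
    }
    # /grant:r replaces the group's explicit grant instead of adding to it: read/execute only,
    # inherited by subfolders and files (OI)(CI). Administrators and SYSTEM are left untouched.
    $groups = $weak | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
    foreach ($grp in $groups) {
        $spec = '{0}:(OI)(CI)RX' -f $grp
        & icacls "$InstallDir" /grant:r $spec | Out-Null
    }
    Write-Host 'write access removed; re-run without -Remediate to verify'
}
```

Running the script without -Remediate is safe to schedule as a recurring check: the warning on a missing task target is the signal to act on, and a later run that finds the file present with an unexpected owner or an unsigned binary is the indicator the workaround in the advisory asks you to watch for.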

Exploit

Incorrect Permission


Weakness Enumeration

Related Identifiers

CVE-2020-13386

Affected Products

Smartdraw 2020