PT-2020-14383 · Idrive · I-Drive
Hashim Jawad · Published 2020-06-26 · Updated 2020-07-06 · CVE-2020-15351
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IDrive versions prior to 6.7.3.19
Description
The issue allows any standard user to escalate privileges to NT AUTHORITY\SYSTEM by substituting the IDriveService binary with a malicious one, due to weak folder permissions. By default the program installs to %PROGRAMFILES(X86)%\IDriveWindows with permissions that grant any user modify permission on the directory and its sub-folders. Because IDriveService runs as LocalSystem, a substituted binary runs with SYSTEM privileges.
Recommendations
For versions prior to 6.7.3.19, update to version 6.7.3.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the IDriveService binary to prevent substitution with a malicious one. Additionally, review and adjust the folder permissions of the %PROGRAMFILES(X86)%\IDriveWindows directory to prevent unauthorized modifications.
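One way to carry out the permission review recommended above, as an added example (not code from the advisory or the vendor): it lists every allow ACE on the install directory, its sub-folders and the service binary that gives a non-administrative principal write-type access. The service name and default path are taken from the advisory text; the SID allow-list of expected writers is an assumption to adjust for your environment.

```powershell
# Added example: audit for the condition in this advisory. Names below come from the
# advisory text (default install path, service name); the SID allow-list is an assumption.
$installDir  = Join-Path ${env:ProgramFiles(x86)} 'IDriveWindows'
$serviceName = 'IDriveService'

# Principals expected to hold write access: SYSTEM, Administrators, CREATOR OWNER, TrustedInstaller
$trusted = @('S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
             'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464')

# File-specific bits that allow replacing or altering a file, plus GENERIC_WRITE | GENERIC_ALL
$writeBits   = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$genericBits = 0x50000000

function Get-WeakAce {
    param([Parameter(Mandatory)][string]$Path)
    # Ask for SIDs instead of names so the check does not depend on the OS language
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        $bits = [int]$ace.FileSystemRights
        if (($bits -band $writeBits) -or ($bits -band $genericBits)) {
            [pscustomobject]@{
                Path = $Path; Sid = $ace.IdentityReference.Value
                Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited
            }
        }
    }
}

$targets = @()
if (Test-Path -LiteralPath $installDir) {
    $targets += $installDir
    $targets += (Get-ChildItem -LiteralPath $installDir -Directory -Recurse -ErrorAction SilentlyContinue).FullName
}

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
if ($svc) {
    "Service $serviceName runs as: $($svc.StartName)"
    # PathName may be quoted and carry arguments; keep only the executable path
    if ($svc.PathName -match '^\s*"?(.+?\.exe)') { $targets += $Matches[1] }
}

$findings = $targets | Where-Object { $_ } | Select-Object -Unique | ForEach-Object { Get-WeakAce -Path $_ }
if ($findings) { $findings | Format-Table -AutoSize } else { 'No non-admin write access found.' }
```

A row for a broad group such as Users (S-1-5-32-545) or Authenticated Users (S-1-5-11) on the directory or the service binary indicates the weak-permission condition; run the script from an elevated prompt so every ACL is readable.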
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
I-Drive