PT-2023-20846 · Diasoft · Diasoft File Replication Pro
Published 2023-04-13 · Updated 2023-04-21 ·
CVE-2023-26918
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Diasoft File Replication Pro version 7.5.0
Description
The issue allows an attacker with write access to the installation directory (in practice any authenticated user, since the directory is writable by Everyone) to escalate privileges to LocalSystem by replacing a legitimate file with a Trojan horse that is then executed as LocalSystem. This occurs because the directory %ProgramFiles%\FileReplicationPro is installed with an ACL granting Everyone:(F), that is, Full control for the Everyone group, so any user can modify, replace or delete its contents.
Recommendations
For Diasoft File Replication Pro version 7.5.0, restrict access to the %ProgramFiles%\FileReplicationPro directory until a vendor patch is available: remove the Everyone:(F) entry, grant Full control only to SYSTEM and Administrators, give standard users no more than read and execute, and apply the change to all subfolders and files. Additionally, enable file system auditing on the directory and monitor it for unexpected writes, file replacements or permission changes to minimize the risk of exploitation.
Exploit
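The check, fix and monitoring steps recommended above, as an added example for a single host. This is editor-supplied code, not part of the advisory and not from Diasoft. It assumes the install path named in the advisory, an elevated (Administrator) PowerShell session, and that nothing running as a standard user needs to write into the directory (the service itself runs as LocalSystem and keeps Full control through the SYSTEM entry).

```powershell
# Added example (not from the advisory or from Diasoft): check, fix and monitor
# the weak ACL described in CVE-2023-26918.
# Assumptions: install path as named in the advisory, elevated PowerShell session,
# standard users need no write access to the directory.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

$dir = Join-Path $env:ProgramFiles 'FileReplicationPro'

# Well-known SIDs, so the script does not depend on localised group names.
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'      # Everyone
$system   = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'     # NT AUTHORITY\SYSTEM
$admins   = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544' # BUILTIN\Administrators
$users    = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545' # BUILTIN\Users

$full    = [System.Security.AccessControl.FileSystemRights]::FullControl
$readEx  = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None

# --- 1. Check: any Allow ACE for Everyone that amounts to Full control? ---
# This is the "Everyone:(F)" line you would see in the output of: icacls "$dir"
# Inherited-only ACEs may carry GENERIC_ALL (0x10000000) instead of FullControl.
$acl  = Get-Acl -Path $dir
$weak = @($acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $everyone -and
    ((($_.FileSystemRights -band $full) -eq $full) -or ([int]$_.FileSystemRights -eq 0x10000000))
})

if ($weak.Count -eq 0) {
    Write-Host "OK: $dir grants no Full control to Everyone."
} else {
    Write-Warning "VULNERABLE: $dir grants Everyone Full control ($($weak.Count) ACE(s))."

    # --- 2. Fix: stop inheriting, drop every Everyone ACE, set a least-privilege ACL ---
    # SetAccessRuleProtection($true, $true) copies inherited ACEs as explicit ones
    # before pruning, so entries other than Everyone are not silently lost.
    $acl.SetAccessRuleProtection($true, $true)
    $acl.PurgeAccessRules($everyone)
    foreach ($id in $system, $admins) {
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, $full, $inherit, $prop, 'Allow')))
    }
    # Standard users can still run the client but can no longer replace its files.
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $users, $readEx, $inherit, $prop, 'Allow')))
    Set-Acl -Path $dir -AclObject $acl
    Write-Host "Fixed: ACL on $dir replaced; re-run icacls to confirm."
}

# --- 3. Monitor: SACL entry so writes, deletes and permission changes by anyone
#        raise Security event ID 4663. Requires the object-access subcategory:
#        auditpol /set /subcategory:"File System" /success:enable /failure:enable
$auditRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, WriteAttributes, WriteExtendedAttributes, ChangePermissions, TakeOwnership'
$sacl = Get-Acl -Path $dir -Audit   # reading/writing the SACL needs SeSecurityPrivilege (elevated)
$sacl.AddAuditRule((New-Object System.Security.AccessControl.FileSystemAuditRule(
    $everyone, $auditRights, $inherit, $prop, 'Success')))
Set-Acl -Path $dir -AclObject $sacl
Write-Host "Audit rule added on $dir; watch the Security log for event ID 4663 on this path."
```

Run the script once to confirm the finding (step 1) and apply the hardening; the SACL in step 3 only produces events after the "File System" audit subcategory is enabled with auditpol, and event 4663 entries whose Object Name falls under this directory and whose Subject is not SYSTEM or an administrator are the ones worth alerting on.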
Fix
Weakness Enumeration
Incorrect Default Permissions
Related Identifiers
Affected Products
Diasoft File Replication Pro