PT-2026-25736 · Undefined · Undefined

Published: 2026-03-15 · Updated: 2026-03-16 · CVE-2017-20218

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Serviio PRO version 1.8

Description

The software contains an unquoted search path vulnerability in the Windows service, allowing local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Improper directory permissions grant the Users group full access, enabling authenticated users to replace the executable file with arbitrary binaries, potentially leading to privilege escalation during service startup or system reboot.

Recommendations

Update Serviio PRO to a version that addresses this issue. Restrict directory permissions to prevent unauthorized modification of executable files. Ensure the Windows service path is properly quoted to prevent execution of arbitrary code.
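
The two checks named in the recommendations (a quoted service path and restricted directory permissions), written as an added PowerShell audit that is not code from this advisory or from Serviio. The helper name Get-ServiceExePath, the write mask and the choice of Users, Authenticated Users and Everyone as the broad groups are assumptions of this example.

```powershell
# Added audit example; not vendor code. Get-ServiceExePath is a hypothetical helper.
$broadSids = 'S-1-5-32-545', 'S-1-5-11', 'S-1-1-0'   # Users, Authenticated Users, Everyone
# WriteData/AddFile (0x2), AppendData/AddSubdirectory (0x4), GENERIC_WRITE, GENERIC_ALL
$writeMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000
$sidType   = [System.Security.Principal.SecurityIdentifier]

function Get-ServiceExePath {
    param([string]$PathName)
    $p = [Environment]::ExpandEnvironmentVariables($PathName)
    if ($p -match '^\s*"([^"]+)"')        { return [pscustomobject]@{ Exe = $Matches[1]; Quoted = $true } }
    if ($p -match '^\s*(.+?\.exe)(\s|$)') { return [pscustomobject]@{ Exe = $Matches[1]; Quoted = $false } }
    return $null   # not an .exe image path this example understands
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc = $_
    if (-not $svc.PathName) { return }
    $parsed = Get-ServiceExePath $svc.PathName
    if (-not $parsed) { return }

    # Unquoted and containing a space: the executable path is ambiguous.
    $unquoted = (-not $parsed.Quoted) -and ($parsed.Exe -match '\s')

    # Allow ACEs that let a broad group create or modify files beside the service binary.
    $dir  = [System.IO.Path]::GetDirectoryName($parsed.Exe)
    $weak = @()
    if ($dir -and (Test-Path -LiteralPath $dir -PathType Container)) {
        $weak = @((Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType) |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $broadSids -contains $_.IdentityReference.Value -and
                ([int]$_.FileSystemRights -band $writeMask) -ne 0
            })
    }

    if ($unquoted -or $weak.Count -gt 0) {
        [pscustomobject]@{
            Service      = $svc.Name
            RunsAs       = $svc.StartName
            PathName     = $svc.PathName
            UnquotedPath = $unquoted
            WritableBy   = ($weak.IdentityReference.Value | Sort-Object -Unique) -join ', '
        }
    }
}
```

A row with UnquotedPath set calls for quoting that service's path; a non-empty WritableBy lists the SIDs whose write access on the executable's directory should be removed.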

Fix

LPE

Weakness Enumeration

Related Identifiers

CVE-2017-20218

Affected Products

Undefined