{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/cybertron-soft/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2020-37231"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Privacy Drive 3.17.0"],"_cs_severities":["high"],"_cs_tags":["privilege escalation","unquoted service path","cve-2020-37231"],"_cs_type":"advisory","_cs_vendors":["Cybertron Soft"],"content_html":"\u003cp\u003eCybertron Soft\u0026rsquo;s Privacy Drive version 3.17.0 is vulnerable to an unquoted service path vulnerability (CVE-2020-37231) affecting the \u003ccode\u003epdsvc.exe\u003c/code\u003e service. This flaw allows a local attacker with limited privileges to escalate their privileges to SYSTEM. The vulnerability exists because the service\u0026rsquo;s executable path contains spaces and lacks proper quoting, which can lead to Windows executing unintended binaries located in the service\u0026rsquo;s path. An attacker can leverage this by placing a malicious executable in a directory within the unquoted path. When the system or service restarts, the malicious executable is executed with SYSTEM privileges.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies the unquoted service path for the \u003ccode\u003epdsvc.exe\u003c/code\u003e service.\u003c/li\u003e\n\u003cli\u003eThe attacker determines a directory in the unquoted service path where they can place files.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious executable (e.g., \u003ccode\u003eprogram.exe\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker renames the malicious executable to match a portion of the unquoted service path, such as the first word in the full path (e.g., if the path is \u0026ldquo;C:\\Program Files\\Privacy Drive\\pdsvc.exe\u0026rdquo;, the attacker might name their executable \u0026ldquo;Program.exe\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eThe attacker places the renamed malicious executable in the accessible directory within the unquoted path (e.g., \u003ccode\u003eC:\\\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker triggers a service restart or system reboot.\u003c/li\u003e\n\u003cli\u003eDuring service startup, Windows attempts to execute the service binary using the unquoted path, but instead executes the malicious executable placed in the earlier steps.\u003c/li\u003e\n\u003cli\u003eThe malicious executable runs with SYSTEM privileges, granting the attacker elevated access to the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eA successful exploit allows a local attacker to gain complete control over the affected system. The attacker can install programs, view, change, or delete data, or create new accounts with full user rights. This vulnerability poses a significant risk to systems where Privacy Drive 3.17.0 is installed, especially in environments where multiple user accounts exist or where sensitive data is stored.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the Sigma rule \u003ccode\u003eDetect Unquoted Service Path Exploitation\u003c/code\u003e to identify potential attempts to exploit unquoted service paths by monitoring process creation events.\u003c/li\u003e\n\u003cli\u003eApply the Sigma rule \u003ccode\u003eDetect Privacy Drive Service Execution from Unusual Location\u003c/code\u003e to detect if the \u003ccode\u003epdsvc.exe\u003c/code\u003e service is executed from an unexpected location, which could indicate exploitation.\u003c/li\u003e\n\u003cli\u003eFollow remediation steps provided by Cybertron Soft to properly quote the service path or upgrade to a patched version of Privacy Drive, when available.\u003c/li\u003e\n\u003cli\u003eReview service configurations for other unquoted service paths to prevent similar privilege escalation attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-16T16:18:20Z","date_published":"2026-05-16T16:18:20Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2020-37231-privacy-drive-unquoted-path/","summary":"Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service, allowing local attackers to escalate privileges by placing malicious executables in the unquoted path directories, leading to arbitrary code execution with LocalSystem privileges.","title":"Privacy Drive 3.17.0 Unquoted Service Path Privilege Escalation (CVE-2020-37231)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2020-37231-privacy-drive-unquoted-path/"}],"language":"en","title":"CraftedSignal Threat Feed — Cybertron Soft","version":"https://jsonfeed.org/version/1.1"}