{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/splinterware/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.4,"id":"CVE-2018-25359"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["System Scheduler Pro (5.12)"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","vulnerability","cve"],"_cs_type":"advisory","_cs_vendors":["Splinterware"],"content_html":"\u003cp\u003eSplinterware System Scheduler Pro version 5.12 is susceptible to a privilege escalation vulnerability (CVE-2018-25359). This flaw stems from insecure file permissions associated with the service executable. A low-privilege user can exploit this vulnerability to gain elevated privileges on the system. The attack involves replacing the legitimate service executable with a malicious one. When the System Scheduler Pro service starts, it executes the replaced malicious executable with LocalSystem privileges, granting the attacker complete control over the compromised system. This vulnerability poses a significant risk to organizations using the affected software.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA low-privilege user gains access to the target system.\u003c/li\u003e\n\u003cli\u003eThe user identifies the installation directory of Splinterware System Scheduler Pro 5.12.\u003c/li\u003e\n\u003cli\u003eThe user renames the legitimate \u003ccode\u003eWService.exe\u003c/code\u003e file within the installation directory.\u003c/li\u003e\n\u003cli\u003eThe user copies a malicious executable file to the installation directory.\u003c/li\u003e\n\u003cli\u003eThe user renames the malicious executable to \u003ccode\u003eWService.exe\u003c/code\u003e, effectively replacing the original service executable.\u003c/li\u003e\n\u003cli\u003eThe user triggers the Splinterware System Scheduler Pro service to start.\u003c/li\u003e\n\u003cli\u003eThe operating system executes the malicious \u003ccode\u003eWService.exe\u003c/code\u003e with LocalSystem privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker gains complete control of the compromised system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2018-25359 allows a low-privilege user to escalate their privileges to LocalSystem. This grants the attacker complete control over the affected system, enabling them to install malware, steal sensitive data, modify system configurations, or disrupt critical services. The vulnerability affects version 5.12 of Splinterware System Scheduler Pro.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor for file modifications in the Splinterware System Scheduler Pro installation directory, specifically the \u003ccode\u003eWService.exe\u003c/code\u003e executable. Use the file integrity monitoring rule to detect unauthorized changes.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect the creation of \u003ccode\u003eWService.exe\u003c/code\u003e by non-system processes.\u003c/li\u003e\n\u003cli\u003eRestrict write access to the Splinterware System Scheduler Pro installation directory to prevent low-privilege users from modifying the \u003ccode\u003eWService.exe\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eConsider upgrading or migrating away from Splinterware System Scheduler Pro 5.12 as there are no official patches available from the vendor.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T14:13:11Z","date_published":"2026-05-26T14:13:11Z","id":"https://feed.craftedsignal.io/briefs/2026-05-splinterware-privilege-escalation/","summary":"Splinterware System Scheduler Pro 5.12 is vulnerable to privilege escalation (CVE-2018-25359) due to insecure file permissions, allowing low-privilege users to replace the service executable with a malicious one, leading to arbitrary code execution as LocalSystem.","title":"Splinterware System Scheduler Pro 5.12 Privilege Escalation via Insecure Permissions (CVE-2018-25359)","url":"https://feed.craftedsignal.io/briefs/2026-05-splinterware-privilege-escalation/"}],"language":"en","title":"CraftedSignal Threat Feed — Splinterware","version":"https://jsonfeed.org/version/1.1"}