JustAppSec
HIGH SeverityCVSS 4.08.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2020-37231

Last updated May 16, 2026 · Published May 16, 2026

← Back to list

Description

Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Attackers can place malicious executables in the unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot.

Affected products

1 listed
  • Cybertronsoft:Privacy Drive

Mappings

CWE

CWE-428

CAPEC

None listed.

CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms

Need help?Get in touch.