CVE-2020-37231

HIGH

Privacy Drive 3.17.0 Unquoted Service Path Privilege Escalation

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37231. PoCs published by Mohammed Alshehri.

AI-analyzed exploit summary: The exploit describes an unquoted service path vulnerability in Privacy Drive v3.17.0, where the service path 'C:\Program Files (x86)\Cybertron\Privacy Drive\pdsvc.exe' could allow privilege escalation if an executable is placed in a crafted path. The writeup includes service configuration details and explains the potential impact.

Description

Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Attackers can place malicious executables in the unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot.
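A defensive check for the condition described above, as an added example that is not part of the original record or the exploit writeup: it flags service ImagePath values that are unquoted and contain spaces, lists the earlier paths Windows may resolve first (locations to review for unexpected files and write permissions), and gives the quoted value that removes the ambiguity. The service names in the sample data are constructed, and treating the first ".exe" as the end of the executable is a heuristic assumption.

```python
import re

# Heuristic (assumption): the executable ends at the first ".exe" that is
# followed by whitespace or the end of the string; anything after is arguments.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)


def audit_image_path(image_path):
    """Return None if the value is not affected, else a finding dict."""
    value = image_path.strip()
    if value.startswith('"'):
        return None                      # already quoted
    match = _EXE_END.search(value)
    if not match:
        return None                      # not an .exe command line; out of scope
    exe, args = value[:match.end()], value[match.end():]
    if " " not in exe:
        return None                      # no space, so no ambiguity
    # Each space is a point where Windows may stop and try "<prefix>.exe".
    check_paths = [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]
    return {
        "executable": exe,
        "check_paths": check_paths,      # review for unexpected files / ACLs
        "quoted_value": f'"{exe}"{args}' # corrected ImagePath value
    }


def audit_services(services):
    """Map service name -> finding for every affected ImagePath."""
    findings = {}
    for name, image_path in services.items():
        finding = audit_image_path(image_path)
        if finding:
            findings[name] = finding
    return findings


# Constructed sample: names are placeholders; the first path is the one
# quoted on this page, the other two are made-up comparison cases.
SAMPLE_SERVICES = {
    "placeholder-privacy-drive": r"C:\Program Files (x86)\Cybertron\Privacy Drive\pdsvc.exe",
    "placeholder-quoted": r'"C:\Program Files\Example\svc.exe" --run',
    "placeholder-no-space": r"C:\Windows\system32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, finding in audit_services(SAMPLE_SERVICES).items():
        print(name, "->", finding["quoted_value"])
        for path in finding["check_paths"]:
            print("   review:", path)
```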

Exploits (1)

exploitdb WRITEUP
by Mohammed Alshehri · text · local · windows
https://www.exploit-db.com/exploits/49023

Classification: Writeup 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Privacy Drive v3.17.0 Build 1456
Auth required
Prerequisites: ability to place an executable in a path with spaces (e.g., 'C:\Program.exe') · local access to the system
devstral-2 · analyzed May 16, 2026

References (4)

Core References
Exploit: ExploitDB-49023
https://www.exploit-db.com/exploits/49023
Product: Official Product Homepage
https://www.cybertronsoft.com/
Third Party Advisory: VulnCheck Advisory: Privacy Drive 3.17.0 Unquoted Service Path Privilege Escalation
https://www.vulncheck.com/advisories/privacy-drive-unquoted-service-path-privilege-escalation

Scores

CVSS v3 7.8
EPSS 0.0012
EPSS Percentile 2.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
Cybertronsoft/Privacy Drive 3.17.0 Build 1456
Published May 16, 2026
Tracked Since May 16, 2026