Unquoted Service Path Enables Local Privilege Escalation

Privacy Drive 3.17.0 is vulnerable to a classic unquoted service path attack (CWE-428) where the pdsvc.exe service binary path lacks proper quotation marks. This allows local attackers to inject malicious executables into the service startup chain and execute arbitrary code with LocalSystem privileges—the highest privilege level on Windows systems. Any user with local access can exploit this during service startup or system reboot, making it a critical privilege escalation vector that affects organizations relying on Privacy Drive for encryption or data protection.

While this CVE has no direct MITRE ATT&CK mapping, Casky's security skills would detect the underlying attack patterns associated with privilege escalation and execution techniques. Practitioners using Casky would identify behavioral indicators including suspicious file creation in common system paths (System32, Program Files directories), service modification attempts, and process execution chains where child processes spawn with unexpected privilege levels. The extended reasoning capability would correlate unquoted path conditions in service configurations with execution anomalies, flagging the gap between expected service behavior and actual runtime execution—enabling defenders to spot indicators of compromise or attempted exploitation before code execution occurs.