CVE-2018-25359
Insecure File Permissions in Splinterware System Scheduler Pro Allow Privilege Escalation
Publication date: 2026-05-25
Last updated on: 2026-05-25
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| splinterware | system_scheduler_pro | 5.12 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Splinterware System Scheduler Pro 5.12 and involves insecure file permissions. It allows users with low privileges to escalate their privileges by modifying service executable files. Specifically, an attacker can rename the legitimate WService.exe file in the installation directory and replace it with a malicious executable. When the service is triggered, this malicious executable runs with LocalSystem privileges, giving the attacker high-level control over the system.
How can this vulnerability impact me? :
The impact of this vulnerability is significant because it allows an attacker with limited access to gain full system privileges. By replacing the service executable with a malicious one, the attacker can execute arbitrary code with LocalSystem rights, potentially leading to complete system compromise, unauthorized data access, or disruption of system operations.