CVE-2020-26133

Vulnerability

Dual DHCP DNS Server 7.40 installs to %SYSTEMDRIVE%\DualServer\ by default. The directory permissions allow any Authenticated User to modify its contents, including the DualServer.exe binary [1][3]. This insufficient access restriction enables privilege escalation.

Exploitation

A local attacker with Authenticated User privileges can replace DualServer.exe with a malicious binary. When the service is restarted (e.g., after a reboot), the attacker's code executes in the context of SYSTEM [3].

Impact

Successful exploitation leads to arbitrary code execution with SYSTEM privileges, resulting in complete compromise of the affected system [3].

Mitigation

The vendor did not respond to the report, and no official patch exists [3]. As a workaround, install the software to a directory with proper permissions, such as %SYSTEMDRIVE%\Program Files\ or %SYSTEMDRIVE%\Program Files(x86)\, where Authenticated Users have only read and execute access [3]. Changing permissions on the existing installation directory to restrict modify access for Authenticated Users is also effective.