VYPR
Unrated severity · NVD Advisory · Published Apr 13, 2023 · Updated Feb 7, 2025

CVE-2023-26918


Description

Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Diasoft File Replication Pro 7.5.0 has weak permissions on its installation directory, allowing local attackers to replace files and gain SYSTEM privileges.

Vulnerability

Diasoft File Replication Pro version 7.5.0 installs to %ProgramFiles%\FileReplicationPro with the directory’s access control list granting Everyone:(F) (full control) [1]. This misconfiguration allows any local user to write, modify, or delete files within the installation directory. An attacker can replace a legitimate executable or DLL that is subsequently executed by the service, which runs with LocalSystem privileges.

Exploitation

An attacker must have local access to the system with any user-level account. The attacker identifies a file in %ProgramFiles%\FileReplicationPro that is executed by the File Replication Pro service (or a related component) and replaces it with a malicious payload. When the service starts or the application runs, the Trojan horse executes in the context of LocalSystem, achieving privilege escalation [1].

Impact

Successful exploitation grants the attacker full control over the affected system with SYSTEM privileges. This includes the ability to execute arbitrary code, install programs, create or modify accounts, and access all data on the host [1].

Mitigation

As of the publication date (April 13, 2023), no official patch or updated version has been released by Diasoft. The recommended workaround is to manually restrict permissions on %ProgramFiles%\FileReplicationPro by removing the Everyone:(F) entry and granting only Administrators and SYSTEM full control. This vulnerability is not listed in CISA’s Known Exploited Vulnerabilities catalog.
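The workaround above, as an added PowerShell example that is not part of the advisory or the vendor's software: it audits the install directory's DACL for write-class Allow entries held by low-privilege principals (the Everyone:(F) case reported for 7.5.0 among them) and, with -Fix, replaces the DACL with the Administrators/SYSTEM-only set. It assumes the default path %ProgramFiles%\FileReplicationPro and an elevated session.

```powershell
# Added example, not from the advisory or the vendor: audit and optionally harden the
# File Replication Pro install directory ACL described in CVE-2023-26918.
# Assumes the default install path; run from an elevated PowerShell session.
param(
    [string]$Path = (Join-Path $env:ProgramFiles 'FileReplicationPro'),
    [switch]$Fix   # without -Fix the script only reports
)

if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
    Write-Warning "Directory not found: $Path"
    return
}

$acl = Get-Acl -LiteralPath $Path

# Well-known SIDs for Everyone, BUILTIN\Users and Authenticated Users (locale-independent).
$lowPrivSids = @('S-1-1-0', 'S-1-5-32-545', 'S-1-5-11')
# Rights that let a caller replace or remove files, or widen their own access.
$writeBits = [int]([System.Security.AccessControl.FileSystemRights]::Write -bor
                   [System.Security.AccessControl.FileSystemRights]::Delete -bor
                   [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
                   [System.Security.AccessControl.FileSystemRights]::TakeOwnership)

# Any Allow ACE that gives a low-privilege principal write-class rights on the directory
# lets that principal swap in a file the LocalSystem service will later execute.
$weak = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -in $lowPrivSids -and
    ([int]$_.FileSystemRights -band $writeBits) -ne 0
}

if (-not $weak) { Write-Host "OK: no write-class ACE for low-privilege principals on $Path"; return }
$weak | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize | Out-Host
if (-not $Fix) { Write-Host "Re-run with -Fix to apply the Administrators/SYSTEM-only ACL."; return }

# Rebuild the DACL: stop inheriting from the parent, drop every explicit ACE, then grant
# only Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18) full control, propagated to
# subfolders and files.
$acl.SetAccessRuleProtection($true, $false)
foreach ($ace in $acl.GetAccessRules($true, $false, [System.Security.Principal.NTAccount])) {
    [void]$acl.RemoveAccessRuleAll($ace)
}
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
foreach ($sidString in @('S-1-5-32-544', 'S-1-5-18')) {
    $sid  = [System.Security.Principal.SecurityIdentifier]::new($sidString)
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new($sid, 'FullControl', $inherit, 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $Path -AclObject $acl
Write-Host "Applied Administrators/SYSTEM-only ACL to $Path"
```

Files already inside the directory keep any explicit ACEs of their own; review them with `icacls <dir> /T` after applying the fix.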

References
  1. Packet Storm

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
