Privacy Drive 3.17.0 Unquoted Path Leads to Local Privilege Escalation

The National Vulnerability Database (NVD) reports that Privacy Drive 3.17.0 is susceptible to an unquoted service path vulnerability, identified as CVE-2020-37231. This flaw exists in the pdsvc.exe service binary, allowing local attackers to achieve privilege escalation.

Attackers can exploit this by placing malicious executables in the unquoted path directories. When the service starts or the system reboots, these malicious files will execute with LocalSystem privileges, granting the attacker arbitrary code execution. The NVD assigns this vulnerability a CVSS score of 7.8 (High severity), emphasizing the critical impact on confidentiality, integrity, and availability.

While specific affected products aren’t detailed beyond Privacy Drive 3.17.0, the underlying issue points to CWE-428 (Unquoted Search Path or Element). This class of vulnerability is a common pitfall in Windows service configurations. Defenders need to understand that this isn’t a remote exploit; it requires local access, but once an attacker has a foothold, this bug provides a straightforward path to full system compromise.

What This Means For You

  • If your organization uses Privacy Drive 3.17.0, you have a critical local privilege escalation vector. This isn't a theoretical risk; it's a known, high-severity vulnerability that any attacker with local access will absolutely leverage. Patch or remove this software immediately. Don't assume that because it's local, it's not a priority — initial access is often followed by privilege escalation.
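One way to audit a host for this class of misconfiguration, as an added example (not code from NVD, the vendor, or this site's rule set). It flags service image paths that are unquoted and contain a space, and lists the locations Windows would try before the intended binary, so they can be checked for unexpected files and write permissions. The function name and service names are hypothetical; the install path is the one used in the detection rule on this page.

```powershell
# Added example: audit helper for unquoted service paths (CWE-428).
function Get-UnquotedServicePathRisk {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$PathName
    )
    $path = $PathName.Trim()
    if ($path.StartsWith('"')) { return }        # quoted: resolved unambiguously

    # Executable portion = text up to the first ".exe" that ends a token.
    # Image paths without an .exe extension (e.g. drivers) are skipped.
    if ($path -notmatch '^(.+?\.exe)(?=\s|$)') { return }
    $exe = $Matches[1]
    if ($exe -notmatch ' ') { return }           # no space: nothing to misparse

    # For each space, Windows first tries "<text before the space>.exe".
    $candidates = @()
    $idx = $exe.IndexOf(' ')
    while ($idx -ge 0) {
        $candidates += $exe.Substring(0, $idx) + '.exe'
        $idx = $exe.IndexOf(' ', $idx + 1)
    }

    [pscustomobject]@{
        Service       = $Name
        ImagePath     = $path
        PathsToAudit  = $candidates
        AlreadyExists = @($candidates | Where-Object { Test-Path -LiteralPath $_ })
        QuotedForm    = '"{0}"{1}' -f $exe, $path.Substring($exe.Length)
    }
}

# Constructed sample data; the service names are hypothetical.
$samples = @(
    @{ Name = 'SampleUnquoted'; PathName = 'C:\Program Files\Privacy Drive\pdsvc.exe' }
    @{ Name = 'SampleQuoted';   PathName = '"C:\Program Files\Privacy Drive\pdsvc.exe"' }
    @{ Name = 'SampleNoSpace';  PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)
$samples |
    ForEach-Object { Get-UnquotedServicePathRisk -Name $_.Name -PathName $_.PathName } |
    Format-List

# On a live host, feed real services instead:
# Get-CimInstance Win32_Service |
#     ForEach-Object { Get-UnquotedServicePathRisk -Name $_.Name -PathName $_.PathName }
```

Only the first sample is reported. A non-empty AlreadyExists value on a real host means a file is already sitting at one of the intercepting locations and should be investigated.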

🛡️ Detection Rules

high T1547.002 Persistence

CVE-2020-37231: Privacy Drive Unquoted Service Path Privilege Escalation

Sigma YAML
title: 'CVE-2020-37231: Privacy Drive Unquoted Service Path Privilege Escalation'
id: scw-2026-05-16-ai-1
status: experimental
level: high
description: |
  Detects the Privacy Drive service executable (pdsvc.exe) being launched with a command line that includes a space followed by a directory (e.g., ' C:\Windows\System32\') which is indicative of an unquoted service path vulnerability. An attacker could place a malicious executable in such a path to achieve privilege escalation when the service starts.
author: SCW Feed Engine (AI-generated)
date: 2026-05-16
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2020-37231/
tags:
  - attack.persistence
  - attack.t1547.002
  # ATT&CK also lists unquoted service paths under T1574.009 (Path Interception by Unquoted Path)
logsource:
  product: windows
  category: process_creation
detection:
  # Both fields must match: the image is pdsvc.exe in its install directory
  # AND its command line contains ' C:\'. A process started from a different
  # image path does not match this selection.
  selection:
    Image|startswith:
      - 'C:\Program Files\Privacy Drive\pdsvc.exe'
    CommandLine|contains:
      - ' C:\'
  # condition is a sibling of selection, not a field inside it
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| CVE-2020-37231 | Privilege Escalation | Privacy Drive 3.17.0 |
| CVE-2020-37231 | Privilege Escalation | pdsvc.exe service binary |
| CVE-2020-37231 | Privilege Escalation | Unquoted Service Path |

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 16, 2026 at 19:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
