EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper file permissions.
https://exchange.xforce.ibmcloud.com/vulnerabilities/26227
http://www.vupen.com/english/advisories/2006/1612
http://secunia.com/advisories/19850
http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9507&r=0.7344324