CVE-2009-4606

High

Description

South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/53885

http://www.vupen.com/english/advisories/2009/2994

http://www.securityfocus.com/archive/1/507323/100/0/threaded

http://secunia.com/advisories/37083

http://retrogod.altervista.org/9sg_south_river_priv.html

http://osvdb.org/59080

Details

Source: Mitre, NVD

Published: 2010-01-13

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00126