** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

CWE-732

** DISPUTED ** Splinterware System Scheduler Professional version 5.30 is subject to insecure folders permissions issue impacting where the service 'WindowsScheduler' calls its executable. This allow a non-privileged user to execute arbitrary code with elevated privileges (system level privileges as "nt authority\system") since the service runs as Local System. NOTE: the vendor states that the exploit-db.com and packetstormsecurity.com references (provided by a third party) were deleted once the

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

http://splinterware.com [Vendor Advisory]

https://packetstormsecurity.com/files/162540/Splinterware-System-Scheduler-Professional-5.30-Privilege-Escalation.html [Exploit, Third Party Advisory, VDB Entry]

https://www.exploit-db.com/exploits/49858 [Exploit, Third Party Advisory, VDB Entry]

Splinterware System Scheduler Professional version 5.30 is subject to insecure folders permissions issue impacting where the service 'WindowsScheduler' calls its executable. This allow a non-privileged user to execute arbitrary code with elevated privileges (system level privileges as "nt authority\system") since the service runs as Local System.

** DISPUTED ** Splinterware System Scheduler Professional version 5.30 is subject to insecure folders permissions issue impacting where the service 'WindowsScheduler' calls its executable. This allow a non-privileged user to execute arbitrary code with elevated privileges (system level privileges as "nt authority\system") since the service runs as Local System. NOTE: the vendor states that the exploit-db.com and packetstormsecurity.com references (provided by a third party) were deleted once the

NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NIST (AV:L/AC:L/Au:N/C:C/I:C/A:C)

NIST CWE-269

OR
     *cpe:2.3:a:splinterware:system_scheduler:5.30:*:*:*:professional:*:*:*

http://splinterware.com No Types Assigned

http://splinterware.com Vendor Advisory

https://packetstormsecurity.com/files/162540/Splinterware-System-Scheduler-Professional-5.30-Privilege-Escalation.html No Types Assigned

https://packetstormsecurity.com/files/162540/Splinterware-System-Scheduler-Professional-5.30-Privilege-Escalation.html Exploit, Third Party Advisory, VDB Entry

https://www.exploit-db.com/exploits/49858 No Types Assigned

https://www.exploit-db.com/exploits/49858 Exploit, Third Party Advisory, VDB Entry