Incorrect Default Permissions
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.
CWE-276 - Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.