id,summary,reporter,owner,description,type,status,priority,component,resolution,keywords,cc,component_version,os,os_version 3981,Security Hole: rights escalation (ImagePath),George Shuklin,,"By default, filezilla server register as service: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileZilla Server\ImagePath = C:\Program Files\FileZilla Server\FileZilla Server.exe but due windows .. a.. behavior, if name of ImagePath created without quotation (e.g. ""C:\Program Files\FileZilla Server\FileZilla Server.exe""), first, c:\program.exe will be runned (if existed). By default windows XP, 2003 allows user (non-administrator) to create files in the root of ""c:\"". By putting program.exe file in c:\ user could escalate rights. Solution: in the installation process, add an ImagePath with quotation.",Bug report,closed,normal,FileZilla Server,fixed,,,,Windows,"Windows XP, Windows 2003"