EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected service runs as NT AUTHORITY\SYSTEM.
Exploitability
AV:LAC:LPR:HUI:NScope
S:UImpact
C:LI:HA:N5.1/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:NOther