ZKTime.Net suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the ‘C’ flag (Change) for ‘Everyone’ group, making the entire directory ‘ZKTimeNet3.0’ and its files and sub-dirs world-writable. Version 3.0.1.6 is affected.