Medium
The vulnerability exists in Dropbox for Windows and is an arbitrary file overwrite issue that can give an attacker with local user access escalated privileges to execute code as SYSTEM. DropboxUpdater is installed as part of the Dropbox client software,it runs as SYSTEM in standard installations and that “one of the dropboxupdate tasks is run every hour by the task scheduler.” Every time this is triggered, it writes a log file to a location where the SYSTEM account leaves it vulnerable to exploitation.
System Privileges
Dropbox
Dropbox for Windows
Dropbox is yet to release a fix for the vulnerability.