A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product.