ГлавнаяУязвимости → CVE-2021-47825
7.8высокая

CVE-2021-47825

Описание

Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files\Acer\Acer Updater\ to inject malicious executables that will run with LocalSystem permissions during service startup.

CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.acer.com/ac/en/US/content/homehttps://www.exploit-db.com/exploits/49890https://www.vulncheck.com/advisories/acer-updater-service-updaterserviceexe-unquoted-service-path