Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. This is a DLL Hijacking vulnerability (including search order hijacking, which searches for the missing DLL in the PATH environment variable), which is caused by an uncontrolled search path element for nvapi.dll, atiadlxx.dll, or atiadlxy.dll.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Acer Quick Access 安全漏洞
Vulnerability Description
Acer Quick Access V2.01.3000版本至2.01.3027版本和V3.00.3000版本至V3.00.3008版本中的Quick Access Service (QAAdminAgent.exe)存在DLL劫持漏洞。攻击者可利用该漏洞向被签名的Quick Access Service进程中加载任意未签名的DLL(该DLL会以NT AUTHORITYSYSTEM权限运行)。
CVSS Information
N/A
Vulnerability Type
N/A