支持本站 — 捐款将帮助我们持续运营

目标:1000 元,已筹:736

73.6%
立即捐款
一、 漏洞 CVE-2021-47825 基础信息
漏洞信息
                                        # 艾利思更新服务1.2.3500.0未引用路径漏洞

N/A
神龙判断

是否为 Web 类漏洞: 未知

判断理由:

N/A
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files\Acer\Acer Updater\ to inject malicious executables that will run with LocalSystem permissions during service startup.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
来源:美国国家漏洞数据库 NVD
漏洞类别
未经引用的搜索路径或元素
来源:美国国家漏洞数据库 NVD
二、漏洞 CVE-2021-47825 的公开POC
#POC 描述源链接神龙链接
三、漏洞 CVE-2021-47825 的情报信息

  • 标题: Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path - Windows local Exploit -- 🔗来源链接

    标签:exploit

    神龙速读:
                                            **关键信息:**

- **漏洞名称:** Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path
- **EDB-ID:** 49890
- **CVE:** N/A
- **作者:** Emmanuel Lujan
- **类型:** LOCAL
- **平台:** WINDOWS
- **日期:** 2021-05-20
- **漏洞类型:** Unquoted Service Path
- **测试版本:** 1.2.3500.0
- **测试操作系统:** Windows 7 Home Premium x64

**漏洞路径:**
```
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
```

**漏洞描述:**
- 成功利用此漏洞需要本地用户能够在系统根路径中插入其代码,并且在应用启动或重启时执行,从而以应用的特权级别执行代码。
    Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path - Windows local Exploit
  • https://www.acer.com/ac/en/US/content/homeproduct

  • 标题: Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path | Advisories | VulnCheck -- 🔗来源链接

    标签:third-party-advisory

    神龙速读:
                                            ### 关键漏洞信息

- **Advisory Title**: Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path
- **Severity**: HIGH
- **Date**: January 16, 2026
- **Affected Product**: Acer Updater Service 1.2.3500.0
- **CVE ID**: CVE-2021-47825
- **CWE ID**: CWE-428 Unquoted Search Path or Element
- **CVSS Score**: 5.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
- **Description**: 
  - The vulnerability allows local users to execute code with elevated system privileges by exploiting the unquoted path in `C:\Program Files\Acer\Acer Updater\` to inject malicious executables run with LocalSystem permissions.
- **References**:
  - [ExploitDB-49890](https://example.com/ExploitDB-49890)
  - [Acer Official Homepage](https://example.com/Acer)
- **Credit**: Emmanuel Lujan

- **Affected Path**: `C:\Program Files\Acer\Acer Updater\`
    Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path | Advisories | VulnCheck
  • https://nvd.nist.gov/vuln/detail/CVE-2021-47825
四、漏洞 CVE-2021-47825 的评论

暂无评论

发表评论