Windows
CVE-2021-47806
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Dup Scout Server\bin\dupscts.exe' to inject malicious executables and escalate privileges.
AnalysisAI
Dup Scout versions up to 13.5.28 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Technical ContextAI
exists in the its Windows component. Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Dup Scout Server\bin\dupscts.exe' to inject malicious executables and escalate privileges.
RemediationAI
Monitor vendor advisories for a patch.
More from same product – last 7 days
Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to po
Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had comprom
Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-
Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain pot
Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain
Share
External POC / Exploit Code
Leaving vuln.today