Command Injection Vulnerability in RetroArch for Windows by libretro
CVE-2021-28927

7.8HIGH

Key Information:

Vendor

Libretro

Status
Retroarch
Vendor
CVE Published:
7 April 2021

What is CVE-2021-28927?

The text-to-speech engine in RetroArch for Windows version 1.9.0 allows attackers with write access to exploited files to execute arbitrary code. By crafting specific file and directory names, attackers can pass unsanitized inputs through the accessibility_speak_windows function, ultimately leading to command injection via PowerShell. This vulnerability poses significant risks for users, potentially enabling unauthorized actions if left unaddressed.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://libretro.com
x_refsource_MISC
http://retroarch.com
x_refsource_MISC
https://github.com/libretro/RetroArch/blob/d3dc3ee989ec6a...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.