Local Privilege Escalation in Emote Interactive Remote Mouse by Emote
CVE-2021-35448

7.8HIGH

Key Information:

Vendor

Remotemouse

Status
Emote Interactive Studio
Vendor
CVE Published:
24 June 2021

Badges

👾 Exploit Exists

What is CVE-2021-35448?

The Emote Interactive Remote Mouse version 3.008 on Windows is susceptible to a local privilege escalation vulnerability. This flaw permits attackers to execute arbitrary programs with Administrator privileges by exploiting the Image Transfer Folder feature. By navigating to cmd.exe through this feature, malicious users can bind to local ports to listen for incoming connections, posing significant security risks to affected systems.

References

https://deathflash.ml/blog/remote-mouse-lpe
x_refsource_MISC
https://www.exploit-db.com/exploits/50047
x_refsource_MISC
https://leobreaker1411.github.io/blog/cve-2021-35448
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.