Local DLL Hijacking Vulnerability in Acer Care Center
CVE-2021-45975

7.8HIGH

Key Information:

Vendor

Acer

Status
Care Center
Vendor
CVE Published:
26 January 2022

What is CVE-2021-45975?

A vulnerability in the ListCheck.exe of Acer Care Center versions before 4.00.3038 allows local attackers to exploit improper handling of Windows DLL directory search paths. By placing a malicious DLL file on the system, an attacker could achieve arbitrary code execution with local administrator privileges when the vulnerable application is launched. This creates significant security risks for affected users.

References

https://acercsi.com
x_refsource_MISC
https://community.acer.com/en/kb/articles/14757-acer-care...
x_refsource_MISC
https://aptw.tf/2022/01/20/acer-care-center-privesc.html
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.