CVE-2021-45975
Published on: Not Yet Published
Last Modified on: 02/02/2022 03:51:00 PM UTC
Certain versions of Care Center from Acer contain the following vulnerability:
In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with local administrator privileges.
- CVE-2021-45975 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.8 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
LOCAL | LOW | NONE | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6.9 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
LOCAL | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
COMPLETE | COMPLETE | COMPLETE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Acer Care Center Requires an Update to Resolve a Security Vulnerability - Acer Community | community.acer.com text/html |
![]() |
???????? The ace(r) up your sleeve! | APT::WTF - APTortellini’s blog | aptw.tf text/html |
![]() |
資訊安全專家 | ACSI安碁資訊股份有限公司 | web.archive.org text/html Inactive LinkNot Archived |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Acer | Care Center | All | All | All | All |
- cpe:2.3:a:acer:care_center:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
Who wants a privilege escalation in a product installed on most Acer laptops? A writeup of CVE-2021-45975 by… twitter.com/i/web/status/1… | 2022-01-19 16:20:31 |
![]() |
.@CVEnew @CVEannounce @MITREcorp since both @Acer advisory and @APTortellini's post about CVE-2021-45975 are now pu… twitter.com/i/web/status/1… | 2022-01-20 11:09:47 |
![]() |
CVE-2021-45975 : In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanis… twitter.com/i/web/status/1… | 2022-01-26 15:03:44 |
![]() |
CVE-2021-45975 | 2022-01-26 15:38:44 |