Vulnerability Description
The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially crafted file and directory names.
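As an added illustration (not RetroArch's code and not the actual patch): the defensive pattern for this class of bug is to wrap every untrusted name in a PowerShell single-quoted literal, where the only special character is the quote itself, and to reject bytes that cannot occur in a Windows file name but could break the outer quoting. The helper names `ps_quote` and `build_speak_command` are hypothetical, and the resulting command line is assumed to be handed to CreateProcess rather than to system(), so that cmd.exe never reinterprets it.

```c
#include <stdio.h>
#include <string.h>

/* Wrap untrusted text in a PowerShell single-quoted literal. Inside such a
 * literal only the quote itself is special, and it is escaped by doubling.
 * Bytes that are illegal in Windows file names and would matter to the
 * outer parser (double quote, control characters) are rejected outright.
 * Returns the length written (excluding NUL), or -1 on rejection/overflow. */
int ps_quote(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz < 3) return -1;
    out[n++] = '\'';
    for (const char *p = in; *p; p++) {
        size_t need = (*p == '\'') ? 2 : 1;
        if (*p == '"' || (unsigned char)*p < 0x20) return -1;
        if (n + need + 2 > outsz) return -1;  /* keep room for quote + NUL */
        if (*p == '\'') out[n++] = '\'';
        out[n++] = *p;
    }
    out[n++] = '\'';
    out[n] = '\0';
    return (int)n;
}

/* Hypothetical helper: build the powershell.exe command line for speaking
 * `text`. The result is meant for CreateProcess(), not system(), so that
 * cmd.exe never gets a chance to reinterpret the string. Returns 0 or -1. */
int build_speak_command(const char *text, char *cmd, size_t cmdsz)
{
    char quoted[512];
    int r;
    if (ps_quote(text, quoted, sizeof quoted) < 0) return -1;
    r = snprintf(cmd, cmdsz,
        "powershell.exe -NoProfile -NonInteractive -Command "
        "\"Add-Type -AssemblyName System.Speech; "
        "(New-Object System.Speech.Synthesis.SpeechSynthesizer).Speak(%s)\"",
        quoted);
    return (r < 0 || (size_t)r >= cmdsz) ? -1 : 0;
}

int main(void)
{
    char cmd[1024];
    /* constructed sample: a name containing a quote, the character that
     * would otherwise terminate the PowerShell literal early */
    if (build_speak_command("game's title.rom", cmd, sizeof cmd) == 0)
        puts(cmd);
    return 0;
}
```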
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libretro | Retroarch | >= 1.9.0, <= 1.9.4 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- http://libretro.com (Exploit, Vendor Advisory)
- http://retroarch.com (Product, Vendor Advisory)
- https://github.com/libretro/RetroArch/blob/d3dc3ee989ec6a4903c689907ffc47027f71f (Patch, Third Party Advisory)
- https://labs.bishopfox.com/advisories/retroarch-for-windows-version-1.9.0 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-28927?
CVE-2021-28927 is a vulnerability with a CVSS score of 7.8 (HIGH). The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers w...
How severe is CVE-2021-28927?
CVE-2021-28927 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-28927?
Check the references section above for vendor advisories and patch information. Affected products include: Libretro Retroarch, Microsoft Windows.