Vulnerability Description
An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking.
CVSS Score
7.1
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Allegro | Allegro | < 3.3.4156.1 |
References
- http://www.popsy.com/Documents/Setups/Setup.Allegro.3.3.4154.2.exePatchVendor Advisory
- https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-42110
- https://excellium-services.com/cert-xlm-advisory/CVE-2021-42110PatchThird Party Advisory
- http://www.popsy.com/Documents/Setups/Setup.Allegro.3.3.4154.2.exePatchVendor Advisory
- https://excellium-services.com/cert-xlm-advisory/CVE-2021-42110PatchThird Party Advisory
FAQ
What is CVE-2021-42110?
CVE-2021-42110 is a vulnerability with a CVSS score of 7.1 (HIGH). An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking.
How severe is CVE-2021-42110?
CVE-2021-42110 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-42110?
Check the references section above for vendor advisories and patch information. Affected products include: Allegro Allegro.