Vulnerability Description
In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with local administrator privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Acer | Care Center | >= 4.0, < 4.00.3038 |
Related Weaknesses (CWE)
References
- https://acercsi.com (Broken Link)
- https://aptw.tf/2022/01/20/acer-care-center-privesc.html (Exploit, Third Party Advisory)
- https://community.acer.com/en/kb/articles/14757-acer-care-center-requires-an-upd (Vendor Advisory)
FAQ
What is CVE-2021-45975?
CVE-2021-45975 is a vulnerability with a CVSS score of 7.8 (HIGH). In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability i...
How severe is CVE-2021-45975?
CVE-2021-45975 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-45975?
Check the references section above for vendor advisories and patch information. Affected products include: Acer Care Center.