Untriaged
Permalink
CVE-2021-47863
7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
MacPaw Encrypto 1.0.1 - 'Encrypto Service' Unquoted Service Path
MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate privileges on Windows systems.
References
- ExploitDB-49694 exploit
- MacPaw Encrypto Official Homepage product
- VulnCheck Advisory: MacPaw Encrypto 1.0.1 - 'Encrypto Service' Unquoted Service Path third-party-advisory
- ExploitDB-49694 exploit
- MacPaw Encrypto Official Homepage product
- VulnCheck Advisory: MacPaw Encrypto 1.0.1 - 'Encrypto Service' Unquoted Service Path third-party-advisory
Affected products
Encrypto
- ==1.0.1
Matching in nixpkgs
pkgs.opencryptoki
PKCS#11 implementation for Linux