CVE-2021-35448

Published: Jun 24, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections.

Affected (1)

Products: Remotemouse: Emote Interactive Studio

Remotemouse

1 product

Emote Interactive Studio

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Remotemouse Emote Interactive Studio	Version 3.008

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

https://deathflash.ml/blog/remote-mouse-lpe

Source: cve@mitre.org

ExploitThird Party Advisory

https://leobreaker1411.github.io/blog/cve-2021-35448

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.exploit-db.com/exploits/50047

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://deathflash.ml/blog/remote-mouse-lpe

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://leobreaker1411.github.io/blog/cve-2021-35448

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.exploit-db.com/exploits/50047

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.