CVE-2021-47896

Published: Jan 23, 2026Modified: Jan 26, 2026

8.5

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDispatcher service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service binary location to inject malicious executables that will be run with elevated LocalSystem privileges.

Related CWEs

CWE-428

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (5)

https://pdf-complete.informer.com/download/

Source: disclosure@vulncheck.com

https://www.exploit-db.com/exploits/49558

Source: disclosure@vulncheck.com

https://www.pdfcomplete.com/cms/dpl/tabid/111/Default.aspx?r=du2vH8r

Source: disclosure@vulncheck.com

https://www.vulncheck.com/advisories/pdfcomplete-corporate-edition-pdfcdispatcher-unquoted-service-path

Source: disclosure@vulncheck.com

https://www.exploit-db.com/exploits/49558

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.