CVE-2021-47879

eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Luidia\eBeam Stylus Driver\ to inject malicious executables that would run with LocalSystem permissions.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://esvc000385.wic045u.server-web.com/Downloads/eBeam/
https://www.exploit-db.com/exploits/49648
https://www.vulncheck.com/advisories/ebeam-interactive-suite-ebeam-stylus-driver-unquoted-service-path

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) eBeam Interactive Suite 3.6 contiene una vulnerabilidad de ruta de servicio sin comillas en el servicio eBeam Stylus Driver que permite a los usuarios locales ejecutar código potencialmente con privilegios elevados. Los atacantes pueden explotar la ruta sin comillas en C:\Program Files (x86)\Luidia\eBeam Stylus Driver\ para inyectar ejecutables maliciosos que se ejecutarían con permisos de LocalSystem.

21 Jan 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-21 18:16

Updated : 2026-04-15 00:35

NVD link : CVE-2021-47879

Mitre link : CVE-2021-47879

CVE.ORG link : CVE-2021-47879

JSON object : View

Products Affected

No product.

CWE

CWE-428

Unquoted Search Path or Element

{"id": "CVE-2021-47879", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-21T18:16:22.093", "references": [{"url": "http://esvc000385.wic045u.server-web.com/Downloads/eBeam/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/49648", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/ebeam-interactive-suite-ebeam-stylus-driver-unquoted-service-path", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-428"}]}], "descriptions": [{"lang": "en", "value": "eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\\Program Files (x86)\\Luidia\\eBeam Stylus Driver\\ to inject malicious executables that would run with LocalSystem permissions."}, {"lang": "es", "value": "eBeam Interactive Suite 3.6 contiene una vulnerabilidad de ruta de servicio sin comillas en el servicio eBeam Stylus Driver que permite a los usuarios locales ejecutar c\u00f3digo potencialmente con privilegios elevados. Los atacantes pueden explotar la ruta sin comillas en C:\\Program Files (x86)\\Luidia\\eBeam Stylus Driver\\ para inyectar ejecutables maliciosos que se ejecutar\u00edan con permisos de LocalSystem."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "disclosure@vulncheck.com"}