CVE-2021-47861
Unknown Unknown - Not Provided
Unquoted Service Path in Event Log Explorer 4.9.3 Enables Privilege Escalation

Publication date: 2026-01-21

Last updated on: 2026-01-21

Assigner: VulnCheck

Description
Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations that will be executed with LocalSystem account privileges during service startup.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-21
Last Modified
2026-01-21
Generated
2026-06-16
AI Q&A
2026-01-21
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47861
EUVD
EUVD-2026-3635
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
fspro_labs event_log_explorer 4.9.3
unknown_vendor elodea_event_collector 4.9.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47861 is an unquoted service path vulnerability in Event Log Explorer version 4.9.3. This flaw occurs because the service executable path is not enclosed in quotes, which can cause Windows to misinterpret the path and execute malicious executables placed by a local attacker in higher-priority locations. Exploiting this vulnerability allows local users to execute arbitrary code with elevated system privileges under the LocalSystem account during service startup. [1, 2]

Impact Analysis

This vulnerability can lead to local privilege escalation, allowing an attacker with local access to execute arbitrary code with elevated system privileges. This means the attacker could gain full control over the affected system, potentially leading to unauthorized access, data manipulation, or disruption of system operations. [1, 2]

Detection Guidance

This vulnerability can be detected by checking the service executable path for unquoted spaces in the 'ElodeaEventCollectorService'. On a Windows system, you can use the command: sc qc ElodeaEventCollectorService to display the service configuration, including the executable path. If the path is unquoted and contains spaces (e.g., C:\Program Files (x86)\Elodea\EventCollector.exe without quotes), the system is vulnerable. Additionally, you can manually inspect the service path in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ElodeaEventCollectorService. Look for unquoted paths that could allow execution of malicious executables placed in higher-priority locations such as C:\Program.exe or C:\Program Files.exe. [1, 2]

Mitigation Strategies

To mitigate this vulnerability immediately, you should correct the unquoted service path by enclosing the executable path in quotes. For example, change the service executable path from C:\Program Files (x86)\Elodea\EventCollector.exe to "C:\Program Files (x86)\Elodea\EventCollector.exe". This prevents Windows from misinterpreting the path and executing malicious files placed in higher-priority locations. Additionally, restrict local user permissions to prevent placing executables in system directories and monitor for suspicious files in locations like C:\. Applying the latest patches or updates from the software vendor, if available, is also recommended. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47861. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart