CVE-2021-47862
Unquoted Service Path in HiPatchService Allows Privilege Escalation
Publication date: 2026-01-21
Last updated on: 2026-01-21
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hi-rez_studios | hipatchservice | 5.1.6.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to execute malicious code with elevated privileges (LocalSystem level) on the affected system. This means the attacker can gain high-level control over the system, potentially compromising confidentiality, integrity, and availability of data and system resources. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service configuration for unquoted service paths, specifically for the 'HiPatchService'. On Windows systems, you can use the following commands: 1) Use WMIC to query services with unquoted paths running automatically: wmic service get name,pathname,startmode | findstr /i "HiPatchService" 2) Use the Service Control (sc) command to query the service configuration and confirm the unquoted binary path: sc qc HiPatchService These commands help identify if the service executable path is unquoted and contains spaces, which indicates the vulnerability. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the unquoted service path by enclosing the executable path in quotes to prevent Windows from misinterpreting the path and executing malicious code. Specifically, update the service configuration to quote the path to HiPatchService.exe, for example: "C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe". Additionally, restrict local user permissions to prevent unauthorized users from placing malicious executables in directories that could be executed during system startup or reboot. If possible, apply any available patches or updates from Hi-Rez Studios addressing this vulnerability. [1, 2]
Can you explain this vulnerability to me?
CVE-2021-47862 is an unquoted service path vulnerability in the HiPatchService of Hi-Rez Studios version 5.1.6.3. Because the service executable path contains spaces and is not enclosed in quotes, Windows may misinterpret the path and execute malicious code placed in a higher-priority directory during system startup or reboot. This allows a local attacker to execute arbitrary code with elevated privileges, running with LocalSystem permissions. [1, 2]