CVE-2021-47863
Unquoted Service Path Vulnerability in MacPaw Encrypto Enables Code Execution
Publication date: 2026-01-21
Last updated on: 2026-01-21
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| macpaw | encrypto | 1.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unquoted service path issue in MacPaw Encrypto version 1.0.1's Encrypto Service configuration. Because the service path at C:\Program Files\Encrypto\ is not enclosed in quotes, local attackers can place malicious executables in directories along this path. When the service starts, it may execute these malicious files, allowing attackers to run arbitrary code and escalate their privileges on Windows systems. [2, 3]
How can this vulnerability impact me? :
If exploited, this vulnerability allows a local attacker to execute arbitrary code with elevated privileges on your Windows system. This means the attacker can potentially take control of the system, install malware, access sensitive data, or perform other malicious actions with higher privileges than they normally have. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service configuration for unquoted service paths. Specifically, you can use Windows Management Instrumentation Command-line (WMIC) and Service Control (sc) commands to query the Encrypto Service configuration. For example, use `wmic service where "name='Encrypto Service'" get PathName,StartMode,StartName` to view the service executable path and verify if the path is unquoted. Additionally, `sc qc "Encrypto Service"` can be used to query the service configuration and confirm if the executable path is unquoted and if the service runs under the LocalSystem account. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the unquoted service path by enclosing the executable path in quotes to prevent malicious executable injection. Alternatively, restrict local user permissions to prevent placing executables in directories along the service path. Ensuring that the service does not run with elevated privileges unnecessarily and applying any available patches or updates from the vendor can also help mitigate the risk. [2, 3]