CVE-2021-47879
Unknown Unknown - Not Provided
Unquoted Service Path in eBeam Stylus Driver Enables Privilege Escalation

Publication date: 2026-01-21

Last updated on: 2026-01-21

Assigner: VulnCheck

Description
eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Luidia\eBeam Stylus Driver\ to inject malicious executables that would run with LocalSystem permissions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-21
Last Modified
2026-01-21
Generated
2026-06-16
AI Q&A
2026-01-21
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47879
EUVD
EUVD-2026-3639
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
luidia ebeam_interactive_suite 3.6
luidia ebeam_stylus_driver 3.6
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47879 is an unquoted service path vulnerability in the eBeam Stylus Driver service of eBeam Interactive Suite 3.6. Because the service path is not enclosed in quotes and contains spaces, local attackers can place malicious executables in directories along the path. When the service starts, these malicious executables may be run with elevated LocalSystem privileges, allowing attackers to execute code with high-level permissions on the system. [1, 2]

Impact Analysis

This vulnerability can allow a local attacker to escalate their privileges by executing malicious code with LocalSystem permissions. This means the attacker could gain full control over the affected system, potentially compromising confidentiality, integrity, and availability of data and system resources. [1, 2]

Detection Guidance

You can detect this vulnerability by checking the service path of the 'eBeam Stylus Driver' service to see if it is unquoted and contains spaces. On a Windows system, you can use the following command in an elevated command prompt or PowerShell to check the service path: sc qc "eBeam Stylus Driver". If the path is unquoted and contains spaces (e.g., C:\Program Files (x86)\Luidia\eBeam Stylus Driver\eBeam_Stylus_Driver.exe), the system is vulnerable. Additionally, you can manually inspect the service properties via the Services MMC snap-in (services.msc) to verify the executable path. [2]

Mitigation Strategies

To mitigate this vulnerability immediately, you should correct the unquoted service path by enclosing the entire executable path in double quotes. For example, change the service path to "C:\Program Files (x86)\Luidia\eBeam Stylus Driver\eBeam_Stylus_Driver.exe". This prevents the system from searching unintended directories for executables. Alternatively, ensure that no malicious executables exist in directories along the unquoted path. Applying the latest vendor patches or updates, if available, is also recommended. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47879. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart