CVE-2021-47879
Unquoted Service Path in eBeam Stylus Driver Enables Privilege Escalation
Publication date: 2026-01-21
Last updated on: 2026-01-21
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| luidia | ebeam_interactive_suite | 3.6 |
| luidia | ebeam_stylus_driver | 3.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47879 is an unquoted service path vulnerability in the eBeam Stylus Driver service of eBeam Interactive Suite 3.6. Because the service path is not enclosed in quotes and contains spaces, local attackers can place malicious executables in directories along the path. When the service starts, these malicious executables may be run with elevated LocalSystem privileges, allowing attackers to execute code with high-level permissions on the system. [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to escalate their privileges by executing malicious code with LocalSystem permissions. This means the attacker could gain full control over the affected system, potentially compromising confidentiality, integrity, and availability of data and system resources. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the service path of the 'eBeam Stylus Driver' service to see if it is unquoted and contains spaces. On a Windows system, you can use the following command in an elevated command prompt or PowerShell to check the service path: sc qc "eBeam Stylus Driver". If the path is unquoted and contains spaces (e.g., C:\Program Files (x86)\Luidia\eBeam Stylus Driver\eBeam_Stylus_Driver.exe), the system is vulnerable. Additionally, you can manually inspect the service properties via the Services MMC snap-in (services.msc) to verify the executable path. [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should correct the unquoted service path by enclosing the entire executable path in double quotes. For example, change the service path to "C:\Program Files (x86)\Luidia\eBeam Stylus Driver\eBeam_Stylus_Driver.exe". This prevents the system from searching unintended directories for executables. Alternatively, ensure that no malicious executables exist in directories along the unquoted path. Applying the latest vendor patches or updates, if available, is also recommended. [1, 2]