CVE-2021-47896
Unknown Unknown - Not Provided
Unquoted Service Path in PDF Complete Allows Privilege Escalation

Publication date: 2026-01-23

Last updated on: 2026-01-23

Assigner: VulnCheck

Description
PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDispatcher service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service binary location to inject malicious executables that will be run with elevated LocalSystem privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-01-23
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47896
EUVD
EUVD-2026-4279
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pdf_complete pdf_complete_corporate_edition 4.1.45
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unquoted service path issue in the 'pdfcDispatcher' service of PDF Complete Corporate Edition 4.1.45. Because the service executable path contains spaces and is not enclosed in quotes, a local attacker can place a malicious executable in a location that Windows might execute instead of the legitimate service binary. Since the service runs with elevated LocalSystem privileges, this allows the attacker to execute arbitrary code with high-level system access. [2, 3]

Impact Analysis

If exploited, this vulnerability allows a local attacker to execute arbitrary code with elevated LocalSystem privileges on the affected system. This can lead to full system compromise, including unauthorized access, modification, or destruction of data, and disruption of system availability. [2, 3]

Detection Guidance

This vulnerability can be detected by checking for unquoted service paths in the 'pdfcDispatcher' service executable path. You can use Windows Management Instrumentation Command-line (WMIC) and Service Control (sc) commands to identify services with unquoted paths that start automatically but do not reside in the Windows directory. For example, use the command: `wmic service get name,pathname,startmode | findstr /i "pdfcDispatcher"` to check the service path. Also, use `sc qc pdfcDispatcher` to query the service configuration and inspect if the executable path is unquoted and contains spaces. [3]

Mitigation Strategies

Immediate mitigation steps include correcting the unquoted service path by enclosing the executable path in quotes to prevent execution of malicious executables placed in the path. Additionally, ensure that only trusted users have local access to the system to prevent placing malicious executables. Applying the latest updates or patches from the vendor, or upgrading to a newer version of PDF Complete that addresses this issue, is also recommended. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47896. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart