VULNERABILITY DETAILS
The Acer ControlCenter solution contains a component that runs as a Windows service under the NT AUTHORITY\SYSTEM account. This process exposes a Windows Named Pipe that speaks a custom protocol used to invoke functions within the service. The service does not restrict which executables may be run, does not prevent lower-privileged users from connecting to the aforementioned Named Pipe, and allows callers to control the flags that determine the user level an arbitrary binary will run as.
One of the commands the service supports over the Named Pipe therefore makes it possible for a low-privileged user to invoke arbitrary binaries in an elevated context.
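As an added practitioner's check (this is not Acer's code and is not part of the advisory), the following PowerShell script, run from a standard-user session, tests the precondition described above: whether a named pipe accepts a connection from a low-privileged caller and whether its DACL grants write access to broad principals such as Everyone or BUILTIN\Users. The pipe name is a placeholder parameter, since the advisory does not name the pipe. The script targets Windows PowerShell 5.1, where PipeStream.GetAccessControl() is a method on the stream; on PowerShell 7 the same call is the extension method System.IO.Pipes.PipesAclExtensions.GetAccessControl from the System.IO.Pipes.AccessControl package.

```powershell
# Added example, not Acer's code. Checks whether a named pipe is reachable from a
# low-privileged context and which principals its DACL grants write access to.
# $PipeName is a placeholder: the advisory does not disclose the real pipe name.
# Target: Windows PowerShell 5.1 (.NET Framework).
param(
    [Parameter(Mandatory = $true)]
    [string]$PipeName
)

# Principals that should never hold write (connect-and-send) rights on a pipe
# served by a SYSTEM process that launches executables on request.
$LowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

function Test-NamedPipeExposure {
    param([string]$Name)

    $pipe = New-Object System.IO.Pipes.NamedPipeClientStream(
        '.', $Name, [System.IO.Pipes.PipeDirection]::InOut)
    try {
        # Only the connect is performed; no protocol bytes are sent to the service.
        # Run this as a standard user: a successful connect already shows the pipe
        # is not restricted to administrators or SYSTEM.
        $pipe.Connect(2000)
    } catch [System.UnauthorizedAccessException] {
        $pipe.Dispose()
        return [pscustomobject]@{ Pipe = $Name; Reachable = $false; LowPrivRules = @() }
    } catch {
        # Timeout (pipe busy) or IOException (no such pipe / not listening).
        $pipe.Dispose()
        throw "Pipe '\\.\pipe\$Name' could not be connected: $($_.Exception.Message)"
    }

    try {
        # GetAccessControl needs READ_CONTROL on the handle; the GENERIC_READ access
        # that Connect requests includes it.
        $acl   = $pipe.GetAccessControl()
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
        $weak  = $rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $LowPrivPrincipals -contains $_.IdentityReference.Value -and
            (($_.PipeAccessRights -band [System.IO.Pipes.PipeAccessRights]::WriteData) -ne 0)
        }
        return [pscustomobject]@{ Pipe = $Name; Reachable = $true; LowPrivRules = @($weak) }
    } finally {
        $pipe.Dispose()
    }
}

$result = Test-NamedPipeExposure -Name $PipeName
if (-not $result.Reachable) {
    "OK: \\.\pipe\$PipeName refused this caller (access denied)."
} elseif ($result.LowPrivRules.Count -eq 0) {
    "WARN: connected to \\.\pipe\$PipeName as a non-admin, but no broad write rule was found; review the full DACL manually:"
    $result.Rules
} else {
    "FAIL: \\.\pipe\$PipeName is writable by low-privileged principals:"
    $result.LowPrivRules | Format-Table IdentityReference, PipeAccessRights, AccessControlType -AutoSize
}
```

Run it as a non-administrative user against the pipe under test. A FAIL result reproduces the first half of the precondition the advisory describes (a low-privileged user can reach the pipe); whether the service then runs a caller-chosen binary at an elevated level depends on the protocol, which this script deliberately does not exercise. After installing the updated Acer Control Center, re-run the check and expect either an access-denied result or no pipe at all. Note that the check reads the DACL from the client side, so a pipe whose server has already accepted another client may time out rather than answer; retry in that case.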
Impact Scope
Acer Control Center Software
Resolution
Acer has released a new version of Acer Control Center to address this concern. You can find the latest version of Acer Control Center for your device on our Drivers and Manuals site.
Credit
Acer thanks Leon Jacobs at Orange Cyber Defense for reporting this issue.
Disclaimer
THE ABOVE INFORMATION IS PROVIDED "AS IS" IN CONNECTION WITH ACER AND INTEL® PRODUCTS. YOUR USE OF THE INFORMATION OR MATERIALS LINKED FROM THIS PAGE IS AT YOUR OWN RISK. ACER RESERVES THE RIGHT TO CHANGE OR UPDATE THIS PAGE AT ANY TIME.