CVE-2021-45975

7.8 HIGH

📋 TL;DR

This vulnerability in Acer Care Center allows local attackers to perform DLL hijacking attacks by placing malicious DLL files on the system. When the vulnerable ListCheck.exe application launches, it loads the malicious DLL instead of legitimate ones, enabling arbitrary code execution with administrator privileges. This affects users running Acer Care Center 4.x versions before 4.00.3038 on Windows systems.

💻 Affected Systems

Products:
  • Acer Care Center
Versions: 4.x versions before 4.00.3038
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access to place malicious DLL in a directory that ListCheck.exe searches before legitimate system directories.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains full system control with administrator privileges, enabling installation of persistent malware, data theft, and complete system compromise.

🟠 Likely Case

Local attacker escalates privileges from standard user to administrator, enabling installation of additional malware or credential theft.

🟢 If Mitigated

Attack fails due to proper file permissions, application whitelisting, or the system already being patched.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Any local user (including low-privileged accounts) can exploit this to gain administrator privileges on affected systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access but is straightforward once the attacker can place a malicious DLL in the appropriate directory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.00.3038 or later

Vendor Advisory: https://community.acer.com/en/kb/articles/14757-acer-care-center-requires-an-update-to-resolve-a-security-vulnerability

Restart Required: Yes

Instructions:

1. Open Acer Care Center.
2. Check for updates in the application.
3. Install version 4.00.3038 or later.
4. Restart the system if prompted.

🔧 Temporary Workarounds

Remove vulnerable application

Uninstall Acer Care Center if not needed

Control Panel > Programs > Uninstall a program > Select Acer Care Center > Uninstall

Restrict file permissions

Set strict permissions on directories where ListCheck.exe runs to prevent DLL placement

icacls "C:\Program Files\Acer\Care Center" /deny Users:(OI)(CI)W

🧯 If You Can't Patch

  • Uninstall Acer Care Center completely from affected systems
  • Implement application whitelisting to prevent execution of ListCheck.exe

🔍 How to Verify

Check if Vulnerable:

Check the Acer Care Center version: open the application and look at the version number in About or Settings. If the version is below 4.00.3038, the system is vulnerable.

Check Version:

wmic product where name="Acer Care Center" get version

Verify Fix Applied:

Verify Acer Care Center version is 4.00.3038 or higher after update installation.

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing DLL loading from unusual locations
  • Process Monitor logs showing ListCheck.exe loading DLLs from non-system directories

Network Indicators:

  • No network indicators - this is a local attack

SIEM Query:

(EventID=7 OR EventID=11) AND ProcessName="ListCheck.exe" AND ImageLoaded contains ".dll" AND NOT ImageLoaded contains "System32"
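The same check as an offline triage script over exported Sysmon image-load records (Event ID 7), using an anchored path match instead of a substring test so that a folder merely named "System32" elsewhere on disk is still flagged. This is an added example, not code from the advisory or from Acer; the trusted-directory list, the function names and the sample records are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules; works on any OS

# Assumption: only these directories are trusted DLL sources. Add the Care Center
# install directory only after confirming standard users cannot write to it.
TRUSTED_DIRS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64", r"C:\Windows\WinSxS")

def _norm(path):
    # Collapse ".." segments and normalise case and slashes before comparing.
    return ntpath.normcase(ntpath.normpath(path))

def is_trusted(dll_path, trusted=TRUSTED_DIRS):
    """True only when dll_path sits under a trusted directory (anchored match)."""
    p = _norm(dll_path)
    return any(p.startswith(_norm(d) + "\\") for d in trusted)

def suspicious_loads(events, process="listcheck.exe"):
    """Return (dll_path, signed) for image loads by `process` from untrusted paths."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 7:  # Sysmon Event ID 7 = image loaded
            continue
        if ntpath.basename(ev.get("Image", "")).lower() != process:
            continue
        loaded = ev.get("ImageLoaded", "")
        if loaded.lower().endswith(".dll") and not is_trusted(loaded):
            hits.append((loaded, ev.get("Signed", "false").lower() == "true"))
    return hits

# Constructed sample records (not real telemetry), shaped like parsed Sysmon events.
EXE = r"C:\Program Files\Acer\Care Center\ListCheck.exe"
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": EXE, "ImageLoaded": r"C:\Windows\System32\example.dll", "Signed": "true"},
    {"EventID": 7, "Image": EXE, "ImageLoaded": r"C:\Users\Public\System32\example.dll", "Signed": "false"},
    {"EventID": 7, "Image": EXE, "ImageLoaded": r"C:\Program Files\Acer\Care Center\helper.dll", "Signed": "true"},
    {"EventID": 7, "Image": r"C:\Windows\explorer.exe", "ImageLoaded": r"C:\Temp\example.dll", "Signed": "false"},
    {"EventID": 11, "Image": EXE, "TargetFilename": r"C:\Temp\example.dll"},
]

if __name__ == "__main__":
    for path, signed in suspicious_loads(SAMPLE_EVENTS):
        print(f"{'signed' if signed else 'UNSIGNED'}  {path}")
```

Loads from the install directory are reported alongside their signature status so they can be triaged rather than silently trusted.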
