CVE-2021-47985

Description

Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges when the service starts automatically.

References

• https://brother.com/
• https://www.exploit-db.com/exploits/50061
• https://www.vulncheck.com/advisories/brother-sapsprint-unquoted-service-path-privilege-escalation