CVE-2021-35448

HIGH

Emote Interactive Remote Mouse 3.008 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-35448. PoCs published by Salman Asad.

AI-analyzed exploit summary This exploit leverages a local privilege escalation vulnerability in Remote Mouse GUI 3.008 by manipulating the 'Image Transfer Folder' setting to spawn a command prompt with Administrator privileges. The attack involves bypassing the file dialog to execute arbitrary commands.

Description

Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Salman Asad · textlocalwindows
https://www.exploit-db.com/exploits/50047

This exploit leverages a local privilege escalation vulnerability in Remote Mouse GUI 3.008 by manipulating the 'Image Transfer Folder' setting to spawn a command prompt with Administrator privileges. The attack involves bypassing the file dialog to execute arbitrary commands.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Remote Mouse GUI 3.008
Auth required
Prerequisites: Local access to the system · Remote Mouse application installed and running
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://deathflash.ml/blog/remote-mouse-lpe
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50047
Exploit, Third Party Advisory x_refsource_misc
https://leobreaker1411.github.io/blog/cve-2021-35448

Scores

CVSS v3 7.8
EPSS 0.0104
EPSS Percentile 59.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-269
Status published
Products (1)
remotemouse/emote_interactive_studio 3.008
Published Jun 24, 2021
Tracked Since Feb 18, 2026