CVE-2021-42923

HIGH

Showmypc - Uncontrolled Search Path

Title source: rule

Description

ShowMyPC 3606 on Windows suffers from a DLL hijack vulnerability. If an attacker overwrites the file %temp%\ShowMyPC\-ShowMyPC3606\wodVPN.dll, it will run any malicious code contained in that file. The code will run with normal user privileges unless the user specifically runs ShowMyPC as administrator.

References (2)

[Product, Vendor Advisory] http://showmypc.com

[Third Party Advisory] https://f20.be/cves/showmypc-cve-2021-42923

Scores

CVSS v3 7.3

EPSS 0.0006

EPSS Percentile 17.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

showmypc/showmypc

Timeline

Published Jul 18, 2022

Tracked Since Feb 18, 2026