CVE-2021-43460

HIGH

System Explorer 7.0.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-43460. PoCs published by Mohammed Alshehri.

AI-analyzed exploit summary This is a writeup describing an unquoted service path vulnerability in System Explorer 7.0.0, which could allow privilege escalation during system startup or reboot. The exploit details are conceptual, with no actual exploit code provided.

Description

An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via via a specially crafted file in the SystemExplorerHelpService service executable path.

Exploits (1)

exploitdb WRITEUP

by Mohammed Alshehri · textlocalwindows

https://www.exploit-db.com/exploits/49248

View Code ZIP pw:eip

This is a writeup describing an unquoted service path vulnerability in System Explorer 7.0.0, which could allow privilege escalation during system startup or reboot. The exploit details are conceptual, with no actual exploit code provided.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Theoretical

Target: System Explorer 7.0.0

Auth required

Prerequisites: Local access to the system · Ability to write to the vulnerable path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/M507/Miner

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/49248

Third Party Advisory, VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/193324

Scores

CVSS v3 7.8

EPSS 0.0045

EPSS Percentile 35.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (1)

systemexplorer/system_explorer 7.0.0

Published Apr 04, 2022

Tracked Since Feb 18, 2026