CVE-2021-47787

HIGH

TotalAV <5.15.69 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47787. PoCs published by Andrea Intilangelo.

AI-analyzed exploit summary This is a writeup describing an unquoted service path vulnerability (CWE-428) in TotalAV 5.15.69, which could allow local privilege escalation to SYSTEM. The vulnerability affects three services due to improper handling of paths with spaces.

Description

TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration.

Exploits (1)

exploitdb WRITEUP
by Andrea Intilangelo · textlocalwindows
https://www.exploit-db.com/exploits/50314

This is a writeup describing an unquoted service path vulnerability (CWE-428) in TotalAV 5.15.69, which could allow local privilege escalation to SYSTEM. The vulnerability affects three services due to improper handling of paths with spaces.

Classification
Writeup 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: TotalAV 5.15.69
Auth required
Prerequisites: Local access to the system · Ability to write executables to the target paths
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/50314
Product product
https://www.totalav.com
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/totalav-unquoted-service-path

Scores

CVSS v3 7.8
EPSS 0.0023
EPSS Percentile 13.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (2)
totalav/totalav 5.15.69
Totalav/TotalAV 5.15.69
Published Jan 16, 2026
Tracked Since Feb 18, 2026