关键漏洞信息 Advisory Title: Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path Severity: HIGH Date: January 16, 2026 Affected Product: Acer Updater Service 1.2.3500.0 CVE ID: CVE-2021-47825 CWE ID: CWE-428 Unquoted Search Path or Element CVSS Score: 5.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Description: - The vulnerability allows local users to execute code with elevated system privileges by exploiting the unquoted path in to inject malicious executables run with LocalSystem permissions. References: - ExploitDB-49890 - Acer Official Homepage Credit: Emmanuel Lujan Affected Path: