Vulnerability: Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path Severity: High Date: January 22, 2026 Affected Version: Softros LAN Messenger 9.6.4 CVE ID: CVE-2021-47889 CWE: CWE-428 Unquoted Search Path or Element CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N References: - ExploitDB-49588 - Vendor Homepage Credit: Victor Mondragón Description: Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker' to inject malicious executables and escalate privileges.