Cyber Resilience

CVE-2021-47780

Severity: High · Public PoC

Published: 16 January 2026
Modified: 21 January 2026
KEV Added: not listed
Patch:
CVSS Score v4: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0022 (12.7th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2021-47780 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Macro Expert, from the vendor Macro-Expert. Its CVSS v4 base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009). The CVE is ranked at the 12.7th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2021-47780 is an unquoted service path vulnerability in Macro Expert 4.7. The issue stems from an improperly configured service path, enabling local users to potentially execute arbitrary code with elevated system privileges. Attackers can inject malicious executables into the path, which are then run with LocalSystem permissions during service startup. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-428 (Unquoted Search Path).

The vulnerability can be exploited by local users with low privileges, requiring low attack complexity and no user interaction. An attacker gains the ability to execute code as LocalSystem upon service restart or boot, achieving high impacts on confidentiality, integrity, and availability, effectively compromising the entire system.

Advisories and resources include the Vulncheck advisory at https://www.vulncheck.com/advisories/macro-expert-unquoted-service-path, a proof-of-concept exploit at https://www.exploit-db.com/exploits/50431, and the vendor site at http://www.macro-expert.com/.

A publicly available exploit on Exploit-DB indicates potential for real-world local privilege escalation attacks against affected systems.

EU & UK References

Vulnerability details

Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly configured service path to inject malicious executables that will be run with LocalSystem permissions during service startup.

CWE(s)

CWE-428 Unquoted Search Path or Element

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1574.009 Path Interception by Unquoted Path (Stealth)
Adversaries may execute their own malicious payloads by hijacking vulnerable file path references.

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Unquoted service path directly enables path interception for privilege escalation to LocalSystem via malicious executable placement in service binary path.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2022-50914 (shared CWE-428)
CVE-2020-36982 (shared CWE-428)
CVE-2020-36987 (shared CWE-428)
CVE-2021-47825 (shared CWE-428)
CVE-2020-37059 (shared CWE-428)
CVE-2020-36953 (shared CWE-428)
CVE-2022-50935 (shared CWE-428)
CVE-2021-47864 (shared CWE-428)
CVE-2020-37060 (shared CWE-428)
CVE-2019-25308 (shared CWE-428)

Affected Assets

Vendor: macro-expert
Product: macro expert
Version: 4.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

CM-6 Configuration Settings (prevent)

Enforces secure configuration settings for services, including properly quoting executable paths to directly prevent exploitation of unquoted service path vulnerabilities.

SI-2 Flaw Remediation (prevent)

Requires identification, reporting, and timely remediation of flaws like the unquoted service path vulnerability through patches or configuration fixes.

Least privilege (prevent)

Mandates least privilege for service accounts, limiting the impact of arbitrary code execution gained via the unquoted service path.
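The CM-6 control above amounts to one concrete check: every Windows service whose executable path contains a space must have that path wrapped in quotes, otherwise the service control manager tries each space-delimited prefix in turn, which is the behaviour the "Deeper analysis" section describes. The script below is an added example written for this page, not code from the advisory, Exploit-DB or the Macro Expert vendor. It audits all user-mode services for the CWE-428 pattern and can rewrite the offending ImagePath in the registry; the function names are this example's own, and it assumes a Windows host with PowerShell 5.1 or later, with elevation only for the repair step.

```powershell
# Added example (not the advisory's or the vendor's code): audit Windows services for
# unquoted executable paths that contain spaces (CWE-428), and optionally quote them.
# The read-only audit runs as a standard user; Repair-UnquotedServicePath needs elevation.

function Find-UnquotedServicePath {
    [CmdletBinding()]
    param()
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $path = $_.PathName
        if ([string]::IsNullOrWhiteSpace($path)) { return }
        # A path that already starts with a quote is resolved unambiguously by the SCM.
        if ($path.StartsWith('"')) { return }
        # Separate the executable from its arguments: the binary ends at the first ".exe".
        $m = [regex]::Match($path, '^(?<exe>.+?\.exe)(?<args>.*)$', 'IgnoreCase')
        if (-not $m.Success) { return }
        $exe = $m.Groups['exe'].Value
        # No space in the executable path means no ambiguity, so nothing to report.
        if ($exe -notmatch ' ') { return }
        [pscustomobject]@{
            Name      = $_.Name
            StartName = $_.StartName   # e.g. LocalSystem: the account a planted binary would inherit
            StartMode = $_.StartMode
            PathName  = $path
            FixedPath = ('"{0}"{1}' -f $exe, $m.Groups['args'].Value)
        }
    }
}

function Repair-UnquotedServicePath {
    # Accepts findings from Find-UnquotedServicePath and quotes the ImagePath value.
    # Supports -WhatIf / -Confirm so the change can be reviewed before it is applied.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)] $Finding)
    process {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($Finding.Name)"
        if ($PSCmdlet.ShouldProcess($key, "Set ImagePath to $($Finding.FixedPath)")) {
            Set-ItemProperty -Path $key -Name ImagePath -Value $Finding.FixedPath
        }
    }
}

# Usage: audit only, listing the account each affected service runs as.
Find-UnquotedServicePath | Format-Table Name, StartName, StartMode, PathName -AutoSize

# Usage: preview the registry rewrite; drop -WhatIf once the output has been reviewed.
Find-UnquotedServicePath | Repair-UnquotedServicePath -WhatIf
```

The StartName column is what turns a finding into a priority: a service running as LocalSystem with an unquoted path in a directory writable by standard users is the case this CVE describes, while the same path under a low-privilege service account is what the least-privilege control above limits. Restart the repaired service afterwards, since the SCM reads ImagePath only at start.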

References