Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Launch Manager by Acer

    CVE-2019-25302 (GCVE-0-2019-25302)

    Vulnerability from nvd – Published: 2026-02-06 16:41 – Updated: 2026-02-06 20:00
    VLAI
    Title
    Acer Launch Manager 6.1.7600.16385 - 'DsiWMIService' Unquoted Service Path
    Summary
    Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Launch Manager\dsiwmis.exe to insert malicious code that would execute with system-level permissions during service startup.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    Impacted products
    Vendor Product Version
    Acer Launch Manager Affected: 6.1.7600.16385
    Create a notification for this product.
    Date Public
    2019-11-03 00:00
    Credits
    Gustavo Briseño
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-25302",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-06T19:59:54.324307Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-06T20:00:24.847Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Launch Manager",
              "vendor": "Acer",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1.7600.16385"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Gustavo Brise\u00f1o"
            }
          ],
          "datePublic": "2019-11-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\\Program Files (x86)\\Launch Manager\\dsiwmis.exe to insert malicious code that would execute with system-level permissions during service startup."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-06T16:41:37.484Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-47577",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/47577"
            },
            {
              "name": "Acer Official Website",
              "tags": [
                "product"
              ],
              "url": "https://www.acer.com/"
            },
            {
              "name": "VulnCheck Advisory: Acer Launch Manager 6.1.7600.16385 - \u0027DsiWMIService\u0027 Unquoted Service Path",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/acer-launch-manager-dsiwmiservice-unquoted-service-path"
            }
          ],
          "title": "Acer Launch Manager 6.1.7600.16385 - \u0027DsiWMIService\u0027 Unquoted Service Path",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2019-25302",
        "datePublished": "2026-02-06T16:41:37.484Z",
        "dateReserved": "2026-02-06T16:31:11.974Z",
        "dateUpdated": "2026-02-06T20:00:24.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2019-25302 (GCVE-0-2019-25302)

    Vulnerability from cvelistv5 – Published: 2026-02-06 16:41 – Updated: 2026-02-06 20:00
    VLAI
    Title
    Acer Launch Manager 6.1.7600.16385 - 'DsiWMIService' Unquoted Service Path
    Summary
    Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Launch Manager\dsiwmis.exe to insert malicious code that would execute with system-level permissions during service startup.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    Impacted products
    Vendor Product Version
    Acer Launch Manager Affected: 6.1.7600.16385
    Create a notification for this product.
    Date Public
    2019-11-03 00:00
    Credits
    Gustavo Briseño
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-25302",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-06T19:59:54.324307Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-06T20:00:24.847Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Launch Manager",
              "vendor": "Acer",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.1.7600.16385"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Gustavo Brise\u00f1o"
            }
          ],
          "datePublic": "2019-11-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\\Program Files (x86)\\Launch Manager\\dsiwmis.exe to insert malicious code that would execute with system-level permissions during service startup."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-06T16:41:37.484Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-47577",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/47577"
            },
            {
              "name": "Acer Official Website",
              "tags": [
                "product"
              ],
              "url": "https://www.acer.com/"
            },
            {
              "name": "VulnCheck Advisory: Acer Launch Manager 6.1.7600.16385 - \u0027DsiWMIService\u0027 Unquoted Service Path",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/acer-launch-manager-dsiwmiservice-unquoted-service-path"
            }
          ],
          "title": "Acer Launch Manager 6.1.7600.16385 - \u0027DsiWMIService\u0027 Unquoted Service Path",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2019-25302",
        "datePublished": "2026-02-06T16:41:37.484Z",
        "dateReserved": "2026-02-06T16:31:11.974Z",
        "dateUpdated": "2026-02-06T20:00:24.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }