top of page
perceptive_background_267k.jpg

Pingzapper 2.3.1 contains an unquoted service path vulnerability in the PingzapperSvc service that allows local attackers to potentially execute arbitrary code.…

Published:

20 januari 2026 om 23:00:00

Alert date:

21 januari 2026 om 19:12:52

Source:

nvd.nist.gov

Click to open the original link from this advisory

Operating Systems, Enterprise Applications

CVE-2021-47886 is an unquoted service path vulnerability in Pingzapper 2.3.1 affecting the PingzapperSvc service. The vulnerability allows local attackers to potentially execute arbitrary code by exploiting the unquoted path in 'C:\Program Files (x86)\Pingzapper\PZService.exe'. Attackers can inject malicious executables into the path to escalate privileges. This is a privilege escalation vulnerability that requires local access but can lead to full system compromise. The vulnerability has been documented with proof-of-concept exploits available.

Technical details

Mitigation steps:

Affected products:

Pingzapper

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2021-47886
https://pingzapper.com
https://pingzapper.com/download
https://www.exploit-db.com/exploits/49626
https://www.vulncheck.com/advisories/pingzapper-pingzappersvc-unquoted-service-path

Related CVE's:

Related threat actors:

IOC's:

C:\Program Files (x86)\Pingzapper\PZService.exe

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page