CVE-2021-47809 in Disk Sorter Enterprise
Summary
by MITRE • 01/16/2026
Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Enterprise\bin\disksrs.exe' to inject malicious executables and escalate privileges.
Analysis
by VulDB Data Team • 01/16/2026
The vulnerability identified as CVE-2021-47809 represents a critical security flaw in Disk Sorter Enterprise version 13.6.12 that stems from improper service path configuration on Windows systems. This issue manifests as an unquoted service path vulnerability that occurs when the Windows service configuration does not properly quote the executable path, creating a dangerous condition that can be exploited by local attackers. The affected service path C:\Program Files\Disk Sorter Enterprise\bin\disksrs.exe lacks proper quotation marks around the path, allowing the Windows service manager to interpret the path components separately and potentially execute unintended executables.
This vulnerability falls under the Common Weakness Enumeration category CWE-428, which specifically addresses unquoted service paths in Windows environments. The flaw enables attackers to place malicious executables at locations that Windows tries before the legitimate service executable, exploiting the Windows service resolution mechanism. When the system attempts to start the Disk Sorter service, it follows the path components sequentially and may execute a malicious file that has been placed earlier in the search path, particularly in the Program Files directory where the legitimate executable resides.
The operational impact of this vulnerability is significant as it provides local attackers with a potential privilege escalation vector that could lead to arbitrary code execution on the target system. An attacker with local access can exploit this weakness by creating a malicious executable with the same name as a directory component in the unquoted path, thereby intercepting the service execution flow. This type of vulnerability is particularly dangerous because it requires minimal privileges to exploit and can potentially allow attackers to elevate their access level to that of the service account or even SYSTEM level access depending on the service configuration.
The attack surface for this vulnerability is broad as it affects all Windows systems running Disk Sorter Enterprise 13.6.12 where the service is installed with the vulnerable configuration. According to the ATT&CK framework, this vulnerability aligns with the technique T1068, which involves exploiting legitimate credentials and privileges to gain access to systems. The vulnerability also maps to T1543, which covers the modification of service configuration, and T1059, which covers execution through command and scripting interpreters. The exploitation process typically involves placing a malicious binary in the Program Files directory or a subdirectory that Windows will search before the legitimate executable, effectively hijacking the service execution flow.
Mitigation strategies for CVE-2021-47809 should focus on proper service path configuration and system hardening practices. The most effective immediate fix involves modifying the Windows service configuration to properly quote the executable path, ensuring that the entire path is treated as a single entity. System administrators should also implement the principle of least privilege by ensuring that service accounts have minimal necessary permissions and that the service is configured to run under a dedicated low-privilege account. Additionally, regular security audits should verify that no unquoted paths exist in service configurations, and endpoint protection solutions should be configured to monitor for suspicious file creation patterns in Program Files directories. The vulnerability also underscores the importance of keeping software updated, as newer versions of Disk Sorter Enterprise should address this configuration issue through proper service path handling.
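The audit recommended above can be sketched as follows. This is an added example, not code from VulDB or the vendor. It flags unquoted ImagePath values that contain spaces, proposes the quoted form, and lists the earlier locations whose existence and ACLs should be reviewed. The function names are hypothetical, and every sample service except the Disk Sorter path is constructed.

```python
import re

# Constructed sample of service name -> ImagePath, as stored under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>. Only the first path is from the page.
SAMPLE_SERVICES = {
    "Disk Sorter Enterprise": r"C:\Program Files\Disk Sorter Enterprise\bin\disksrs.exe",
    "UnquotedArgsSvc": r"C:\Program Files\Vendor App\agent.exe /service",
    "QuotedSvc": r'"C:\Program Files\Vendor App\svc.exe" --run',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

def executable_part(image_path):
    """Executable portion of an unquoted ImagePath (simplification: ends at first .exe)."""
    m = re.match(r"^(.*?\.exe)(?=\s|$)", image_path, re.IGNORECASE)
    return m.group(1) if m else image_path

def is_unquoted_with_spaces(image_path):
    """True when the path is not quoted and its executable part contains a space."""
    p = image_path.strip()
    return not p.startswith('"') and " " in executable_part(p)

def shadow_candidates(image_path):
    """Locations Windows tries before the intended binary when the path is unquoted.
    Audit these for unexpected files and for write access by non-admin users."""
    exe = executable_part(image_path.strip())
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def quoted_form(image_path):
    """Corrected ImagePath: executable wrapped in quotes, arguments left untouched."""
    p = image_path.strip()
    exe = executable_part(p)
    return '"' + exe + '"' + p[len(exe):]

def audit(services):
    """Map each vulnerable service name to its fix and the locations to review."""
    findings = {}
    for name, path in services.items():
        if is_unquoted_with_spaces(path):
            findings[name] = {"fix": quoted_form(path), "check": shadow_candidates(path)}
    return findings

if __name__ == "__main__":
    for name, result in audit(SAMPLE_SERVICES).items():
        print(name, result)
```

On a live host, the ImagePath values would come from the registry or from the service manager rather than from an inline dictionary.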