PT-2022-12182 · Wondershare · Dr. Fone

Published 2022-04-29 · Updated 2022-09-09 · CVE-2021-44596

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Wondershare LTD Dr. Fone, version as of 2021-12-06

Description

The issue is a remote code execution vulnerability caused by software design flaws. An unauthenticated remote user can communicate over UDP with the "InstallAssistService.exe" service, which runs with SYSTEM privileges, and manipulate it into executing malicious executables without validation, thereby gaining SYSTEM privileges.

Recommendations

As a temporary workaround, consider disabling the "InstallAssistService.exe" service until a patch is available. Restrict access to the service to minimize the risk of exploitation. Avoid using the service for executing external executables until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
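
One way to apply the workaround on a Windows host, as an added example that is not part of the original advisory. The advisory gives only the executable name, so the script finds the service by its image path instead of assuming a service name; it does not know the UDP port either, so it blocks all inbound UDP to that binary. The firewall rule display name is constructed for this example.

```powershell
# Run from an elevated PowerShell session.
$exeName = 'InstallAssistService.exe'   # executable name taken from the advisory

# Win32_Service.PathName holds the image path (possibly quoted, with arguments).
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and $_.PathName -like "*$exeName*" }

if (-not $services) {
    Write-Output "No service backed by $exeName was found on this host."
    return
}

foreach ($svc in $services) {
    # Extract the bare .exe path, dropping quotes and any trailing arguments.
    $exePath = $null
    if ($svc.PathName -match '^\s*"?(?<path>[^"]+?\.exe)') {
        $exePath = $Matches['path']
    }

    # Stop the running instance, then prevent it from starting again.
    Stop-Service -Name $svc.Name -Force -ErrorAction SilentlyContinue
    Set-Service  -Name $svc.Name -StartupType Disabled

    # Defence in depth: drop inbound UDP to the binary in case it is
    # started by something other than the service control manager.
    if ($exePath) {
        New-NetFirewallRule `
            -DisplayName "Block inbound UDP - $($svc.Name)" `
            -Direction Inbound -Protocol UDP `
            -Program $exePath -Action Block | Out-Null
    }

    # Report the resulting state so the change can be verified and logged.
    Get-CimInstance -ClassName Win32_Service -Filter "Name='$($svc.Name)'" |
        Select-Object Name, State, StartMode, StartName, PathName
}
```

After it runs, each listed service should show `State` as `Stopped` and `StartMode` as `Disabled`; a reinstall or update of the product may re-enable the service, so the check is worth repeating.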

Exploit

Related Identifiers

CVE-2021-44596

Affected Products

Dr. Fone