Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.
Security readout for executives and security teams
This CVE describes a Windows privilege-escalation flaw in Wondershare Dr.Fone. A standard local user could make the product’s ElevationService.exe run arbitrary code as SYSTEM. That turns a low-privilege foothold on an affected endpoint into full local control. Exposure is limited to Windows endpoints with Wondershare Dr.Fone installed, especially version 12.0.7 or builds current around 2021-12-06. The official affected-product metadata is incomplete, so inventory confirmation is required. Prioritize remediation on managed Windows workstations where Dr.Fone is installed. The issue enables full local privilege escalation, but available sources do not prove remote exploitation or active attacks. Mitigation focus: Inventory endpoints for Wondershare Dr.Fone and ElevationService.exe.; Remove Dr.Fone where it is not business-required.; Check Wondershare guidance for patched versions or supported remediation..
Prepared
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
description · low confidence lookup
Execution behavior lookup
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
1ADP providers
3Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Apr 29, 2022, 11:23 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.