Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User

A critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via a misconfigured Windows Named Pipe.

The vulnerability, rated 8.8 on the CVSS scale, stems from insecure permissions on a custom protocol pipe exposed by the ACCSvc.exe service.

Acer has released patched versions (4.00.3058+) to address the issue.

Technical Analysis

The ACCSvc.exe service, running with SYSTEM privileges, creates a Windows Named Pipe (\\.\pipe\ACCsvcPipe) to facilitate inter-process communication.

Named pipes are kernel objects that enable data transfer between processes, but their security depends on properly configured access control lists (ACLs).

In this case, the pipe’s ACL granted Read/Write access to unauthenticated users, violating Microsoft’s security guidelines.

cpp// Simplified example of vulnerable pipe creation (hypothetical)
HANDLE hPipe = CreateNamedPipe(
    L"\\\\.\\pipe\\ACCsvcPipe",
    PIPE_ACCESS_DUPLEX,
    PIPE_TYPE_MESSAGE | PIPE_WAIT,
    PIPE_UNLIMITED_INSTANCES,
    4096,
    4096,
    0 ...