Description
A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message (message type 0x03) to the pipe, causing the service to crash with exit code 1067 (ERROR_PROCESS_ABORTED). To mitigate this potential local service disruption, Acer requires users to update the software to the latest version.
Published: 2026-05-25
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Acer Care Center exposes a local attack vector: the ACCSvc service creates a named pipe with an overly permissive security descriptor. The service accepts message type 0x03 on this pipe and terminates with exit code 1067 (ERROR_PROCESS_ABORTED) when it receives a specially crafted payload. Any authenticated local user can therefore connect to the pipe, send the malicious message, and force the service to crash, disrupting service for other users who rely on Acer Care Center functionality. The vulnerability is classified under CWE-269 (Improper Privilege Management).

Affected Systems

Acer Care Center is the affected product. Versions prior to 4.00.3060 are vulnerable; the fix is applied by installing version 4.00.3060 as published by Acer.

Risk and Exploitability

The CVSS score of 6.8 signals moderate severity. Exploitation requires local user authentication and does not depend on network exposure or elevated privileges beyond those of a regular user. The EPSS score is not available, and the issue is not listed in the CISA KEV catalog, indicating no confirmed exploitation at this time. Nevertheless, the impact on availability makes it a valuable target for malicious actors with local access.

Generated by OpenCVE AI on May 25, 2026 at 09:21 UTC.

Remediation

Vendor Solution

Please update to v4.00.3060.


OpenCVE Recommended Actions

  • Update Acer Care Center to version 4.00.3060, which removes the vulnerable named pipe creation and corrects the security descriptor.
  • Configure the ACCSvc service to run with the minimum privileges required and restrict local user access where feasible.
  • Monitor system logs for ACCSvc crash events (exit code 1067) and enforce a quick restart or remediation policy if repeated failures are detected.



Advisories

No advisories yet.

History

Thu, 04 Jun 2026 20:00:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:acer:care_center:*:*:*:*:*:*:*:*
Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Tue, 26 May 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 25 May 2026 09:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Acer, Acer care Center
Vendors & Products | | Acer, Acer care Center

Mon, 25 May 2026 08:15:00 +0000

Type | Values Removed | Values Added
Description | | A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message (message type 0x03) to the pipe, causing the service to crash with exit code 1067 (ERROR_PROCESS_ABORTED). To mitigate this potential local service disruption, Acer requires users to update the software to the latest version.
Title | | Acer Care Center creates a Named Pipe with a weak Security Descriptor
Weaknesses | | CWE-269
References | |
Metrics | | cvssV4_0 {'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/RE:M'}


MITRE

Status: PUBLISHED

Assigner: Acer

Published:

Updated: 2026-05-26T14:43:23.306Z

Reserved: 2026-05-25T01:34:19.934Z

Link: CVE-2026-9490

Vulnrichment

Updated: 2026-05-26T14:43:18.840Z

NVD

Status: Analyzed

Published: 2026-05-25T08:16:26.053

Modified: 2026-06-04T19:52:49.680

Link: CVE-2026-9490

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T09:30:21Z

Weaknesses
  • CWE-269

    Improper Privilege Management