CVE-2021-35482: 
Barco MirrorOp Windows Sender vulnerability analysis and mitigation

An issue was discovered in Barco MirrorOp Windows Sender before version 2.5.4.70, identified as CVE-2021-35482. The vulnerability allows an attacker in the local network to achieve Remote Code Execution (RCE) with user privileges of the local user on any device that attempts to connect to a WePresent presentation system (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The attack requires local access, low attack complexity, and low privileges, with no user interaction needed. The scope is unchanged, but the impact on confidentiality, integrity, and availability is high (NVD).

The vulnerability allows attackers to execute arbitrary code with the privileges of the local user on affected systems. This could lead to unauthorized access to user data, modification of system files, and potential system compromise within the scope of the user's permissions (NVD).

Barco has released version 2.5.4.70 of MirrorOp Windows Sender to address this vulnerability. The security update disables the remote control mechanism after app upgrade to prevent unrecognized devices from controlling the sender side remotely without user's permission (Barco Release Notes).