CVE-2023-53946
Unknown Unknown - Not Provided
Unquoted Service Path in ArcSoft Exchange Service Enables Privilege Escalation

Publication date: 2025-12-19

Last updated on: 2025-12-19

Assigner: VulnCheck

Description
Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level permissions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-19
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-12-19
EPSS Evaluated
2026-06-14
NVD
CVE-2023-53946
EUVD
EUVD-2025-204607
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
arcsoft photostudio 6.0.0.172
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-53946 is an unquoted service path vulnerability in Arcsoft PhotoStudio 6.0.0.172's ArcSoft Exchange Service. Because the service path is not enclosed in quotes, a local attacker can place a malicious executable in the unquoted path. When the service runs, it may execute this malicious code with system-level privileges, allowing the attacker to escalate their privileges on the system. [1, 2]

Impact Analysis

This vulnerability allows a local attacker to escalate their privileges to SYSTEM level by exploiting the unquoted service path. The attacker can execute arbitrary code with the highest system privileges, potentially gaining full control over the affected system, leading to unauthorized actions, data compromise, or system manipulation. [1, 2]

Detection Guidance

You can detect the vulnerability by checking for the unquoted service path of the 'ADExchange' service. Use the command `sc qc "ADExchange"` to query the service configuration and confirm the binary path. Additionally, you can use WMIC to filter services that start automatically and exclude those in the Windows directory to identify unquoted paths. For example, use WMIC commands to list services and inspect their paths for missing quotes. [2]

Mitigation Strategies

Immediate mitigation steps include placing quotes around the service path to prevent execution of malicious executables in unintended locations. You should also check for and remove any malicious executables placed in the unquoted path locations such as `C:\Program Files (x86)\Common.exe`. Restart the vulnerable service using `sc stop "ADExchange"` and `sc start "ADExchange"` or reboot the system after remediation to ensure changes take effect. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53946. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart