CVE-2023-53949
Unknown Unknown - Not Provided
Binary Permission Vulnerability in AspEmail 5.6.0.2 Enables Privilege Escalation

Publication date: 2025-12-19

Last updated on: 2025-12-19

Assigner: VulnCheck

Description
AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable and gain elevated system access.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-19
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-12-19
EPSS Evaluated
2026-06-14
NVD
CVE-2023-53949
EUVD
EUVD-2025-204603
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
persits_software emailagent *
persits_software aspemail 5.6.0.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-53949 is a local privilege escalation vulnerability in AspEmail 5.6.0.2 caused by insecure permissions on the BIN directory where the Persits Software EmailAgent service binaries reside. Local users have full write permissions to this directory, allowing them to replace the legitimate service executable with a malicious one. When the service restarts, the malicious executable runs with elevated LocalSystem privileges, enabling the attacker to gain full control over the system. [2, 3]

Impact Analysis

This vulnerability allows an attacker with local access to escalate their privileges to LocalSystem by replacing the EmailAgent service executable with a trojanized version. The attacker can execute arbitrary code with high system privileges, potentially leading to full system compromise, unauthorized data access, persistence on the system, and evasion of detection by disguising the malicious executable as the original. [2, 3]

Detection Guidance

You can detect this vulnerability by checking the permissions of the BIN directory where the AspEmail EmailAgent service binaries reside, typically at C:\Program Files (x86)\Persits Software\AspEmail\BIN. Look for overly permissive write permissions granted to 'Everyone' or non-administrative users. Commands to check permissions include: 1) Using PowerShell: Get-Acl 'C:\Program Files (x86)\Persits Software\AspEmail\BIN' | Format-List 2) Using icacls: icacls "C:\Program Files (x86)\Persits Software\AspEmail\BIN" 3) To check running service and process: sc query "Persits Software EmailAgent" and tasklist /FI "IMAGENAME eq EmailAgent.exe" or EmailAgent64.exe. If the BIN directory has full write permissions for non-admin users, the system is vulnerable. [2, 3]

Mitigation Strategies

Immediate mitigation steps include: 1) Restrict write permissions on the BIN directory of the AspEmail installation to prevent non-administrative users from modifying or replacing service executables. Remove 'Everyone' or any non-admin full control permissions. 2) Stop the Persits Software EmailAgent service before applying permission changes. 3) After correcting permissions, restart the service to ensure it runs with the correct binaries. 4) Review and monitor the BIN directory for unauthorized changes. 5) Consider applying any available updates or patches from the vendor that address this issue. These steps prevent unauthorized replacement of the EmailAgent.exe executable and block privilege escalation. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53949. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart