CVE-2023-53973
Privilege Escalation in Zillya Quarantine Module via Symlink Abuse
Publication date: 2025-12-22
Last updated on: 2025-12-22
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zillya | total_security | 3.0.2367 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-53973 is a local privilege escalation vulnerability in Zillya Total Security 3.0.2367.0. It occurs because the quarantine module improperly allows low-privileged users to copy files to unauthorized system locations by exploiting symbolic link techniques. Attackers can restore quarantined files into restricted directories, potentially enabling system-level access through methods like DLL hijacking. [2, 3]
How can this vulnerability impact me? :
This vulnerability can allow an attacker with low privileges to gain system-level access by placing malicious files in protected system directories. This can lead to full system compromise, including unauthorized access to sensitive data, system integrity breaches, and disruption of availability through techniques such as DLL hijacking. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the quarantine module behavior of Zillya Total Security 3.0.2367.0 for unauthorized file restoration activities, especially involving symbolic links. Detection involves checking for symbolic links created by low-privileged users that redirect quarantined files to protected system directories. Specific commands are not provided in the resources, but monitoring symbolic links and quarantine restore operations on the system is recommended. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting unauthorized users from restoring files from the quarantine module and ensuring that restored files are only returned to their original locations. Additionally, processes running with SYSTEM privileges should not allow user interference, and user-side processes should operate with normal privileges to reduce risk. Since no fix or vendor response was available as of the disclosure date, applying these restrictions and monitoring for suspicious symbolic link usage is advised. [3]