CVE-2023-54353
Deferred Deferred - Pending Action

Unquoted Service Path in ChromaCam 4.0.3.0

Vulnerability report for CVE-2023-54353, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-19

Last updated on: 2026-06-23

Assigner: VulnCheck

Description

Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path directories. Attackers with write access to C:\ or subdirectories like C:\Program Files (x86)\Personify\ can place a malicious Program.exe or PsyFrameGrabberService.exe file that executes with LocalSystem privileges when the service starts automatically at boot.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-19
Last Modified
2026-06-23
Generated
2026-07-10
AI Q&A
2026-06-19
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
personify chromacam 4.0.3.0
personify chromacam to 4.0.3.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2023-54353 is an unquoted service path vulnerability found in Chromacam version 4.0.3.0, specifically in the PsyFrameGrabberService. This vulnerability allows local attackers who have write access to certain directories on the system, such as C:\ or C:\Program Files (x86)\Personify\, to place malicious executable files. Because the service path is unquoted, the system may execute these malicious files with LocalSystem privileges when the service starts automatically at boot, enabling arbitrary code execution.

Impact Analysis

This vulnerability can have a significant impact because it allows an attacker with local write access to execute arbitrary code with LocalSystem privileges. This means the attacker can gain full control over the affected system, potentially leading to unauthorized access, data theft, system manipulation, or further malware installation.

Detection Guidance

This vulnerability can be detected by checking for unquoted service paths related to the PsyFrameGrabberService in Chromacam 4.0.3.0 or earlier versions. Specifically, you should inspect the service path for unquoted spaces that could allow execution of malicious executables placed by an attacker.

On a Windows system, you can use the following command to check the service path for PsyFrameGrabberService:

  • sc qc PsyFrameGrabberService

Look for unquoted paths in the output, especially paths containing spaces without surrounding quotes. Additionally, check for suspicious executable files named Program.exe or PsyFrameGrabberService.exe in directories like C:\ or C:\Program Files (x86)\Personify\ which could indicate exploitation attempts.

Mitigation Strategies

To mitigate this vulnerability, immediately restrict write access to the directories involved, such as C:\ and C:\Program Files (x86)\Personify\, to prevent attackers from placing malicious executables.

Additionally, update Chromacam to a version later than 4.0.3.0, as the vulnerability exists in version 4.0.3.0 and earlier. If an update is not available, manually correct the service path by quoting it properly to prevent execution of malicious files.

Finally, monitor the system for suspicious files named Program.exe or PsyFrameGrabberService.exe in the affected directories and remove any unauthorized files.

Compliance Impact

The provided information does not specify how the unquoted service path vulnerability in Chromacam 4.0.3.0 affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54353. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart