Home

Description

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.

PUBLISHED Reserved 2025-12-19 | Published 2025-12-22 | Updated 2025-12-22 | Assigner VulnCheck




HIGH: 8.6CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Unquoted Search Path or Element

Product status

4.1.102
affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5721.php exploit

www.exploit-db.com/exploits/51167 (ExploitDB-51167) exploit

web.archive.org/web/20221207074555/https://www.sound4.com/ (SOUND4 Official Website) product

www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5721.php (Zero Science Lab Disclosure (ZSL-2022-5721)) third-party-advisory

www.vulncheck.com/...ge-escalation-via-unquoted-service-path (VulnCheck Advisory: SOUND4 Server Service 4.1.102 Local Privilege Escalation via Unquoted Service Path) third-party-advisory

cve.org (CVE-2023-53965)

nvd.nist.gov (CVE-2023-53965)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.