CVE-2023-32353

HIGH

iTunes < 12.12.9 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-32353. PoCs published by 86x.

AI-analyzed exploit summary: This repository contains a proof-of-concept exploit for CVE-2023-32353, focusing on privilege escalation via a Windows Music Player vulnerability. The code includes utilities for file operations, directory object manipulation, and symbolic link handling, suggesting a local privilege escalation (LPE) attack.

Description

A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges.

Exploits (1)

nomisec · WORKING POC · 34 stars · by 86x · poc
https://github.com/86x/CVE-2023-32353-PoC

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Windows Music Player (specific version not specified)
Auth required
Prerequisites: Local access to the target system · Ability to execute arbitrary code on the target system
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213763

Scores

CVSS v3: 7.8
EPSS: 0.0066
EPSS Percentile: 46.6%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-863
Status: published
Products (1): apple/itunes < 12.12.9
Published: Jun 23, 2023
Tracked Since: Feb 18, 2026