CVE-2023-53912

MEDIUM

USB Flash Drives Control 4.1.0.0 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53912. PoCs published by Jeffrey Bencteux.

AI-analyzed exploit summary This is a writeup demonstrating an unquoted service path vulnerability in USB Flash Drives Control 4.1.0.0. The exploit shows how the service path is vulnerable due to spaces in the path, which could allow local privilege escalation if an attacker can place a malicious executable in the path.

Description

USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\USB Flash Drives Control\usbcs.exe' to inject malicious executables and escalate privileges on Windows systems.

Exploits (1)

exploitdb WRITEUP

by Jeffrey Bencteux · textlocalwindows

https://www.exploit-db.com/exploits/51508

View Code ZIP pw:eip

This is a writeup demonstrating an unquoted service path vulnerability in USB Flash Drives Control 4.1.0.0. The exploit shows how the service path is vulnerable due to spaces in the path, which could allow local privilege escalation if an attacker can place a malicious executable in the path.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Theoretical

Target: USB Flash Drives Control 4.1.0.0

Auth required

Prerequisites: Local access to the system · Ability to write to the root of C:\ or another location in the unquoted path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/51508

Various Sources product

https://binisoft.org/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/usb-flash-drives-control-unquoted-service-path-privilege-escalation

Scores

CVSS v3 6.2

EPSS 0.0012

EPSS Percentile 2.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Products (1)

BiniSoft/USB Flash Drives Control 4.1.0.0

Published Dec 17, 2025

Tracked Since Feb 18, 2026