CVE-2023-53946

HIGH

Arcsoft PhotoStudio 6.0.0.172 - Privilege Escalation


Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53946. PoCs published by msd0pe.

AI-analyzed exploit summary: This exploit leverages an unquoted service path vulnerability in Arcsoft PhotoStudio 6.0.0.172 to escalate privileges to SYSTEM by placing a malicious executable in a path that Windows will execute due to improper quoting.

Description

Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level permissions.
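A defensive check for the unquoted service path weakness described above, as an added example that is not part of the original entry or of the referenced exploit. It takes service `ImagePath` strings, lists the fallback locations whose write permissions need review, and produces the quoted form; the service names and paths are constructed samples, not the real ArcSoft configuration, and the function names are hypothetical.

```python
import re

# Heuristic: the executable part ends at the first ".exe"; the rest is arguments.
_EXE_END = re.compile(r"\.exe\b", re.IGNORECASE)

def split_image_path(image_path):
    """Split an unquoted ImagePath into (executable, arguments)."""
    path = image_path.strip()
    m = _EXE_END.search(path)
    return (path[:m.end()], path[m.end():].strip()) if m else (path, "")

def fallback_candidates(image_path):
    """Paths Windows tries before the intended binary; [] means not affected."""
    if image_path.strip().startswith('"'):
        return []  # quoted: the whole path is taken as a single token
    exe, _ = split_image_path(image_path)
    found = []
    for i, ch in enumerate(exe):
        if ch == " " and not exe[:i].endswith(" "):
            found.append(exe[:i] + ".exe")  # path cut at this space, ".exe" appended
    return found

def quoted_fix(image_path):
    """Return the ImagePath with the executable wrapped in double quotes."""
    if image_path.strip().startswith('"'):
        return image_path  # already quoted, nothing to change
    exe, args = split_image_path(image_path)
    return f'"{exe}"' + (f" {args}" if args else "")

# Constructed sample values, not the real ArcSoft service configuration.
SAMPLE_SERVICES = {
    "ExampleUnquotedSvc": r"C:\Program Files (x86)\Common Files\Example Vendor\svc.exe",
    "ExampleQuotedSvc": r'"C:\Program Files (x86)\Common Files\Example Vendor\svc.exe" -run',
    "ExampleNoSpaceSvc": r"C:\Windows\system32\svchost.exe -k netsvcs",
}

def audit(services):
    """Map each affected service name to the locations whose ACLs need review."""
    return {n: c for n, p in services.items() if (c := fallback_candidates(p))}

if __name__ == "__main__":
    for name, paths in audit(SAMPLE_SERVICES).items():
        print(name, "->", quoted_fix(SAMPLE_SERVICES[name]))
        for p in paths:
            print("   review write access:", p)
```

On a real host the input would come from each service's `ImagePath` value under `HKLM\SYSTEM\CurrentControlSet\Services`.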

Exploits (1)

exploitdb WORKING POC
by msd0pe · text · local · windows
https://www.exploit-db.com/exploits/51393


Classification: Working PoC 100%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Arcsoft PhotoStudio 6.0.0.172
Auth required
Prerequisites: Local access to the target system · Ability to write to C:\Program Files (x86)\Common.exe · Service restart or system reboot
devstral-2 · analyzed Feb 16, 2026

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/51393
Various Sources product
https://www.arcsoft.com/

Scores

CVSS v3 8.4
EPSS 0.0014
EPSS Percentile 3.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
Arcsoft/PhotoStudio < 6.0.0.172
Published Dec 19, 2025
Tracked Since Feb 18, 2026