CVE-2023-53965

HIGH

SOUND4 Server Service 4.1.102 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53965. PoCs published by LiquidWorm.

AI-analyzed exploit summary This writeup describes an unquoted search path vulnerability in SOUND4 Server Service 4.1.102, which could allow local privilege escalation by exploiting the service's executable path. The vulnerability requires local access and the ability to place arbitrary code in the system root path.

Description

SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textlocalwindows

https://www.exploit-db.com/exploits/51167

View Code ZIP pw:eip

This writeup describes an unquoted search path vulnerability in SOUND4 Server Service 4.1.102, which could allow local privilege escalation by exploiting the service's executable path. The vulnerability requires local access and the ability to place arbitrary code in the system root path.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: SOUND4 Server Service 4.1.102

Auth required

Prerequisites: local access · ability to write to system root path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/51167

Product product

https://web.archive.org/web/20221207074555/https://www.sound4.com/

Third Party Advisory, Exploit third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5721.php

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/sound-server-service-local-privilege-escalation-via-unquoted-service-path

Scores

CVSS v3 8.4

EPSS 0.0020

EPSS Percentile 10.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Products (15)

sound4/big_voice_firmware 4.1.102

sound4/first_firmware 4.1.102

sound4/impact_eco_firmware 4.1.102

sound4/impact_firmware 4.1.102

sound4/ip_connect_firmware 4.1.102

sound4/playout_ula8_firmware 4.1.102

sound4/pulse_eco_firmware 4.1.102

sound4/pulse_firmware 4.1.102

sound4/stream_x2_firmware 4.1.102

sound4/stream_x4_firmware 4.1.102

... and 5 more

Published Dec 22, 2025

Tracked Since Feb 18, 2026