CVE-2023-53984

HIGH

Clevo HotKey Clipboard 2.1.0.6 - Code Injection

Title source: llm

Description

Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing malicious executables in specific file system locations.

Exploits (1)

exploitdb WRITEUP

by Wim Jaap van Vliet · textlocalwindows

https://www.exploit-db.com/exploits/51206

View Code ZIP pw:eip

References (3)

[Various Sources] https://web.archive.org/web/20200713203236/https://www.clevo.com.tw/index-en.asp

[Third Party Advisory] https://www.vulncheck.com/advisories/hotkey-clipboard-privilege-escalation-unquoted-service-path

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/51206

Scores

CVSS v3 8.4

EPSS 0.0002

EPSS Percentile 4.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (1)

clevo/HotKey Clipboard 2.1.0.6

Published Jan 13, 2026

Tracked Since Feb 18, 2026