exploitDog

CVE-2023-53973

Опубликовано: 22 дек. 2025

Источник: nvd

CVSS3: 8.4

CVSS3: 7.8

EPSS Низкий

Описание

Zillya Total Security 3.0.2367.0 contains a privilege escalation vulnerability that allows low-privileged users to copy files to unauthorized system locations using the quarantine module. Attackers can leverage symbolic link techniques to restore quarantined files to restricted directories, potentially enabling system-level access through techniques like DLL hijacking.

Ссылки

https://www.exploit-db.com/exploits/51151
Exploit
Third Party Advisory
https://www.vulncheck.com/advisories/zillya-total-security-local-privilege-escalation-via-quarantine-module
Third Party Advisory
https://zillya.com/
Product
https://www.exploit-db.com/exploits/51151
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zillya:total_security:3.0.2367.0:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00025

Низкий

8.4 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-59

CWE-59

Связанные уязвимости

GHSA-w64x-6gx5-c298

CVSS3: 8.4

github

около 2 месяцев назад

Zillya Total Security 3.0.2367.0 contains a privilege escalation vulnerability that allows low-privileged users to copy files to unauthorized system locations using the quarantine module. Attackers can leverage symbolic link techniques to restore quarantined files to restricted directories, potentially enabling system-level access through techniques like DLL hijacking.

EPSS

Процентиль: 6%

0.00025

Низкий

8.4 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-59

CWE-59