
SOUND4 Server Service 4.1.102 Local Privilege Escalation

Low
Advisory ID: ZSL-2022-5721
Release Date: 14 December 2022
Affected Version: 4.1.102
Tested On: Windows 10 Home 64 bit (build 9200), SOUND4 Server v4.1.102, SOUND4 Remote Control v4.3.17
Summary

SOUND4 Windows Server Service.

Description

The application suffers from an unquoted search path issue affecting the 'SOUND4 Server' service for Windows. This could allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path, undetected by the OS or other security applications, where it could be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
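A defender can check any host for this class of misconfiguration by inspecting each service's command line. The following is an added example, not part of the original advisory or the vendor's code; the function name `Test-UnquotedServicePath` and the sample paths are hypothetical and constructed for illustration.

```powershell
# Added example: audit service command lines for the unquoted-path weakness.
# The sample PathName values are constructed; they are not SOUND4's real paths.
function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$PathName)
    $cmd = $PathName.Trim()
    # A command line that starts with a quote names its executable unambiguously.
    if ($cmd.StartsWith('"')) { return }
    # Treat everything up to the first ".exe" as the intended binary.
    $m = [regex]::Match($cmd, '^(?<exe>.+?\.exe)(?<args>\s.*)?$', 'IgnoreCase')
    if (-not $m.Success) { return }
    $exe = $m.Groups['exe'].Value
    # Without a space in the executable path there is nothing to misparse.
    if ($exe -notmatch '\s') { return }
    # At each space Windows may first try "<prefix>.exe", so the directory
    # holding each prefix must not be writable by unprivileged users.
    $parts = $exe -split ' '
    $dirs = for ($i = 1; $i -lt $parts.Count; $i++) {
        [System.IO.Path]::GetDirectoryName(($parts[0..($i - 1)] -join ' '))
    }
    [pscustomobject]@{
        Current      = $cmd
        Quoted       = '"{0}"{1}' -f $exe, $m.Groups['args'].Value  # corrected form
        ReviewAclsOn = @($dirs | Where-Object { $_ } | Select-Object -Unique)
    }
}

$samples = @(
    'C:\Program Files\Example Vendor\Audio Server\server.exe -service',   # flagged
    '"C:\Program Files\Example Vendor\Audio Server\server.exe" -service', # already quoted
    'C:\Windows\System32\svchost.exe -k netsvcs'                          # no space in path
)
$samples | ForEach-Object { Test-UnquotedServicePath $_ } | Format-List

# On a live host, feed real values instead:
# Get-CimInstance Win32_Service | ForEach-Object { Test-UnquotedServicePath $_.PathName }
```

Only the first sample produces output. The `Quoted` value is the form the service's ImagePath should take, and `ReviewAclsOn` lists the directories whose write permissions matter until it is corrected.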

Proof of Concept
Disclosure Timeline
26.09.2022: Vulnerability discovered.
30.09.2022: Vendor contacted.
13.12.2022: No response from the vendor.
14.12.2022: Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
14.12.2022: Initial release
28.12.2022: Added reference [1] and [2]
20.04.2023: Added reference [3] and [4]
24.12.2025: Added reference [5] and [6]