HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path | Advisories

Advisories

HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path

severity: high
date: January 13, 2026
Affecting: HotKey Clipboard 2.1.0.6
CVE: CVE-2023-53984
CWE: CWE-428 Unquoted Search Path or Element
CVSS: 8.5
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-51206
Archived Vendor Homepage
Credit: Wim Jaap van Vliet
Description: Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulnerability in the HKClipSvc service that allows local non-privileged users to potentially execute code with system privileges. Attackers can exploit the misconfigured service path to inject and execute arbitrary code by placing malicious executables in specific file system locations.