CVE-2023-54353

HIGH NVD

CVSS Score 7.8

Severity HIGH

Published Jun 19, 2026

Vendor unknown

Description

Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path directories. Attackers with write access to C:\ or subdirectories like C:\Program Files (x86)\Personify\ can place a malicious Program.exe or PsyFrameGrabberService.exe file that executes with LocalSystem privileges when the service starts automatically at boot.

References

https://personifyinc.com/
https://personifyinc.com/download/chromacam
https://www.exploit-db.com/exploits/51210
https://www.vulncheck.com/advisories/chromacam-unquoted-service-path-privilege-escalation