CVE-2023-53973

8.4 HIGH

📋 TL;DR

This vulnerability in Zillya Total Security allows low-privileged users to escalate privileges by exploiting the quarantine module's file restoration process. Attackers can use symbolic links to copy quarantined files to restricted system directories, potentially enabling DLL hijacking attacks. Only users with local access to systems running the vulnerable software are affected.

💻 Affected Systems

Products:
  • Zillya Total Security
Versions: 3.0.2367.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires low-privileged user account on the system. The quarantine module must be present and functional.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through DLL hijacking leading to SYSTEM-level access, enabling installation of persistent malware, credential theft, and lateral movement.

🟠 Likely Case

Local privilege escalation allowing attackers to execute arbitrary code with elevated privileges, bypass security controls, and access sensitive system resources.

🟢 If Mitigated

Limited impact if proper access controls, application whitelisting, and privilege separation are implemented, though the vulnerability still provides attack surface.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local system access.
🏢 Internal Only: HIGH - Any user with local access to vulnerable systems can potentially exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit code is publicly available on Exploit-DB. Requires local access and low-privileged user account. Symbolic link techniques are well-documented and relatively easy to implement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://zillya.com/

Restart Required: No

Instructions:

1. Check the Zillya website for security updates.
2. Update to the latest version if available.
3. Monitor vendor communications for a patch release.

🔧 Temporary Workarounds

Disable quarantine module

windows

Temporarily disable the quarantine functionality in Zillya Total Security to prevent exploitation

Restrict symbolic link creation

windows

Configure Windows security policy to restrict creation of symbolic links to privileged users only

secedit /export /cfg secpol.cfg
Edit secpol.cfg: in the [Privilege Rights] section, set SeCreateSymbolicLinkPrivilege (the "Create symbolic links" user right) to *S-1-5-32-544 (the Administrators group) only
secedit /configure /db secpol.sdb /cfg secpol.cfg

🧯 If You Can't Patch

  • Implement strict access controls to limit local user accounts and privileges
  • Deploy application whitelisting to prevent unauthorized DLL loading and execution

🔍 How to Verify

Check if Vulnerable:

Check the Zillya Total Security version in the About section or via Programs and Features. If the version is 3.0.2367.0, the system is vulnerable.

Check Version:

wmic product where name='Zillya Total Security' get version

Verify Fix Applied:

Verify Zillya Total Security has been updated to a version later than 3.0.2367.0. Test symbolic link creation and quarantine restoration functionality.
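The following PowerShell script is an added example, not part of this advisory or of any Zillya tooling. It combines the version check above with a check of the "Restrict symbolic link creation" workaround: it reads the installed version from the Uninstall registry keys (faster than wmic) and lists which accounts hold the "Create symbolic links" right. The product's DisplayName prefix and the temporary file name are assumptions; run it from an elevated prompt, since secedit /export requires administrative rights.

```powershell
# Added example (not from the advisory or the vendor). Assumes the product
# registers an Uninstall entry whose DisplayName starts with "Zillya Total Security".
$AffectedVersion = [version]'3.0.2367.0'

function Get-ZillyaVersion {
    # Check both 64-bit and 32-bit Uninstall views.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Zillya Total Security*' } |
        Select-Object -First 1 -ExpandProperty DisplayVersion
}

function Get-SymlinkRightHolders {
    # Export the local security policy and read the SeCreateSymbolicLinkPrivilege line.
    $cfg = Join-Path $env:TEMP 'secpol-check.cfg'   # temporary file name is an assumption
    secedit /export /cfg $cfg /quiet | Out-Null
    $line = Select-String -Path $cfg -Pattern '^SeCreateSymbolicLinkPrivilege' |
        Select-Object -First 1
    Remove-Item $cfg -ErrorAction SilentlyContinue
    if (-not $line) { return @() }
    # The value is a comma-separated list of *SID entries; translate each to an account name.
    ($line.Line -split '=')[1].Trim() -split ',' | ForEach-Object {
        $entry = $_.Trim()
        if ($entry.StartsWith('*')) {
            try {
                $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
                $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch { $entry }
        } else { $entry }
    }
}

$installed = Get-ZillyaVersion
if (-not $installed) {
    'Zillya Total Security not found in the Uninstall registry keys.'
} elseif ([version]$installed -le $AffectedVersion) {
    "VULNERABLE: installed version $installed is not newer than $AffectedVersion."
} else {
    "OK: installed version $installed is newer than the affected build."
}

$holders = Get-SymlinkRightHolders
"Accounts holding 'Create symbolic links': $($holders -join ', ')"
if ($holders -contains 'BUILTIN\Users' -or $holders -contains 'Everyone') {
    'WARNING: non-administrative groups can create symbolic links.'
}
```

On a default Windows installation this right is already limited to Administrators, so a warning here usually indicates an earlier policy change that should be reviewed.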

📡 Detection & Monitoring

Log Indicators:

  • Unusual file operations in system directories
  • Multiple quarantine restoration attempts
  • Symbolic link creation by non-admin users

Network Indicators:

  • None - this is a local privilege escalation vulnerability

SIEM Query:

EventID=4663 AND ObjectName LIKE '%\Windows\System32\%' AND ProcessName LIKE '%zillya%'
