CVE-2023-32163: 
Wacom Tablet Driver vulnerability analysis and mitigation

A local privilege escalation vulnerability (CVE-2023-32163) was discovered in Wacom Drivers for Windows, specifically affecting version 6.3.45-1. The vulnerability was initially reported on August 4, 2022, and was publicly disclosed on May 26, 2023, as a zero-day vulnerability after multiple unsuccessful attempts to get an update from the vendor (ZDI Advisory).

The vulnerability exists within the Tablet Service component of Wacom Drivers for Windows. The specific flaw is related to link following (CWE-59) where an attacker can abuse the service to create a file by creating a symbolic link. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with low attack complexity (NVD).

If successfully exploited, this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM. This means an attacker could gain full control over the affected system, but they must first obtain the ability to execute low-privileged code on the target system (ZDI Advisory).

According to the Zero Day Initiative, given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application. No official patch was available at the time of disclosure (ZDI Advisory).