CVE-2018-10169

CVE-2018-10169

ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a class instance argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection. This plugin will execute code in the context of the SYSTEM user.

Source: CVE-2018-10169

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다