Lucene search
MitreCVELIST:CVE-2018-11479HistoryMay 25, 2018 - 7:00 p.m.
CVE-2018-11479
2018-05-2519:00:00
mitre
www.cve.org
1
EPSS
0.002
Percentile
54.8%
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe.
Related
metasploit
metasploit
Windscribe WindscribeService Named Pipe Privilege Escalation
2020-02-01 00:41:07
prion
prion
Code injection
2018-05-25 19:29:00
cve
cve
CVE-2018-11479
2018-05-25 19:29:00
packetstorm
packetstorm
Windscribe WindscribeService Named Pipe Privilege Escalation
2020-02-05 00:00:00
exploitdb
exploitdb
Windscribe - WindscribeService Named Pipe Privilege Escalation (Metasploit)
2020-02-07 00:00:00
zdt
zdt
Windscribe VPN WindscribeService Named Pipe Privilege Escalation Exploit
2020-02-05 00:00:00
nvd
nvd
CVE-2018-11479
2018-05-25 19:29:00