4 matches found
Proxifier for Mac 2.19 - Local Privilege Escalation
Proxifier for Mac 2.19 - Local Privilege Escalation With CVE-2017-7643 I disclosed a command injection vulnerablity in the KLoader binary that ships with Proxifier = 2.18. Unfortunately 2.19 is also vulnerable to a slightly different attack that yields the same result. When Proxifier is first run...
Proxifier for Mac 2.19 - Local Privilege Escalation
With CVE-2017-7643 I disclosed a command injection vulnerablity in the KLoader binary that ships with Proxifier = 2.18. Unfortunately 2.19 is also vulnerable to a slightly different attack that yields the same result. When Proxifier is first run, if the KLoader binary is not suid root it gets...
CVE-2017-7643
CVE-2017-7643 affects Proxifier for Mac (pre-2.19). The vulnerability arises in the KLoader setuid root mechanism: on first run, if KLoader isn’t already root, Proxifier can cause it to run as root and then KLoader elevates to root privileges, enabling local privilege escalation. Exploitation vec...
Proxifier 2.19 Privilege Escalation / Code Execution
With CVE-2017-7643 I disclosed a command injection vulnerablity in the KLoader binary that ships with Proxifier = 2.18. Unfortunately 2.19 is also vulnerable to a slightly different attack that yields the same result. When Proxifier is first run, if the KLoader binary is not suid root it gets...