CVE-2018-10381
TunnelBear 3.2.0.6 for Windows is affected by a SYSTEM elevation vulnerability in the TunnelBearMaintenance NetNamedPipe endpoint. The OpenVPNConnect method can accept a server list argument that enables an attacker to control the OpenVPN command line, and an attacker can specify a dynamic librar...