76 matches found
Windscribe WindscribeService Named Pipe Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windscribe WindscribeService Named Pipe Privilege Escalation', 'Description' = %q The Windscribe VPN client application for Windows makes use of ...
Windscribe VPN WindscribeService Named Pipe Privilege Escalation Exploit
The Windscribe VPN client application for Windows makes use of a Windows service WindscribeService.exe which exposes a named pipe \.\pipe\WindscribeService allowing execution of programs with elevated privileges. Windscribe versions prior to 1.82 do not validate user-supplied program names,...
Windscribe WindscribeService Named Pipe Privilege Escalation
The Windscribe VPN client application for Windows makes use of a Windows service WindscribeService.exe which exposes a named pipe \.\pipe\WindscribeService allowing execution of programs with elevated privileges. Windscribe versions prior to 1.82 do not validate user-supplied program names,...
CVE-2018-11479
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processe...
CVE-2018-11479
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processe...
Code injection
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processe...
CVE-2018-11479
CVE-2018-11479 affects Windscribe for Windows. WindscribeService.exe creates the .\us WindscribeService named pipe and does not validate the program name before CreateProcess, enabling an attacker to execute arbitrary commands with SYSTEM privileges via the pipe. Public details in connected docs...
CVE-2018-11479
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processe...
Windscribe 1.81 Code Execution
Vulnerability description: The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVP...
WindScribe Denial of Service Vulnerability
WindScribe is a suite of VPN software for anonymously connecting to the Internet. A security vulnerability exists in WindScribe version 1.81. An attacker can exploit this vulnerability with the help of \pipe\WindscribeService URL to gain access or cause a denial of service. \pipe\WindscribeServic...
PT-2018-10598 · Windscribe +1 · Windscribe +1
Name of the Vulnerable Software and Affected Versions: Windscribe version 1.81 Description: The issue concerns the VPN component in Windscribe, which uses the OpenVPN client and creates a system process named WindScribeService.exe. This process establishes a named pipe endpoint,...
Design/Logic Flaw
Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \.\pipe\WindscribeService...
CVE-2018-11334
Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \.\pipe\WindscribeService...
CVE-2018-11334
Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \.\pipe\WindscribeService...
CVE-2018-11334
Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \.\pipe\WindscribeService...
CVE-2018-11334
Windscribe 1.81 contains a vulnerability where a named pipe (\.\pipe\WindscribeService) is created with a NULL DACL, allowing Everyone to gain privileges or cause a denial of service. This is a local issue stemming from an overly permissive named pipe ACL, enabling privilege escalation or disrupt...