2 matches found
CVE-2017-16757
Hola VPN 1.34 is affected by a local privilege escalation due to weak permissions (Everyone:F) in %PROGRAMFILES%, enabling a local attacker to gain privileges via a malicious 7za.exe or hola.exe file. The CVE entry provides no exploit details in the connected documents; no remediation details are...
CVE-2018-6623
The CVE-2018-6623 entry concerns Hola VPN version 1.79.859. The issue arises from insecure service permissions (SERVICE_ALL_ACCESS) on the hola_svc and hola_updater Windows services, allowing an unprivileged user to modify or overwrite the executable. The modified executable would run on the next...