| タイトル | Total VPN Total VPN for Windows 0.5.29.0 Unquoted Service Path |
|---|
| 説明 | Security vulnerability: Unquoted Service Path
Affected Component: Total VPN
Product: Total VPN for Windows
Version: x.x.x.x
Vendor: Total VPN (https://www.totalvpn.com/)
Vulnerability Description
Unquoted Search Path or Element vulnerability in Total VPN. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.
Impact
By exploiting this vulnerability, an attacker could send a malicious .exe file to the parent directory (for example, C:\Program.exe), so Windows will interpret this path instead of the intended one, as C:\Program Files\Total VPN\win-service.exe. This could allow an attacker to use the privileges of the legitimate software to perform privilege escalations, compromise data, or alter system functionality, jeopardizing the security and integrity of the environment.
To reproduce:
1) Note that the registered service address for the software contains spaces and no quotation marks.
2) Create a malicious executable file named "Program.exe" and place it on the C:\ drive.
3) Restart the service and observe that the malicious executable file will run.
|
|---|
| ソース | ⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/totalvpn/x.x.x.x/totalvpn_unquoted_service_path.md |
|---|
| ユーザー | Anonymous User |
|---|
| 送信 | 2026年01月30日 14:10 (3 月 ago) |
|---|
| モデレーション | 2026年02月15日 16:36 (16 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 346127 [Total VPN 0.5.29.0 上 Windows win-service.exe 特権昇格] |
|---|
| ポイント | 20 |
|---|