| Title | Advanced Installer Local Privilege Escalation Vulnerability |
|---|---|
| Description | A vulnerability existed in the Advanced Installer that loaded GdiPlus.dll, one of the WinSxS DLLs.<br>The Proton VPN installer runs with Administrator privileges and loads GdiPlus.dll from `%INSTALLER_LOCATION%\ProtonVPN_win_v2.0.0.exe.Local\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1706_none_d94bc52be10975a7`. If the `ProtonVPN_win_v2.0.0.exe.Local` directory does not exist, it loads the DLL from `C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1706_none_d94bc52be10975a7`. At this time, the `ProtonVPN_win_v2.0.0.exe.Local` directory can be accessed by general users, so the attacker can load GdiPlus.dll with Administrator privileges and elevate to SYSTEM privileges through a DLL hijacking attack.<br>This is not a vulnerability in Proton VPN, but rather a vulnerability in the Advanced Installer used by Proton VPN. |
| Source | https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability/ |
| User | heegong (UID 52180) |
| Submission | 09/23/2023 07:41 (3 years ago) |
| Moderation | 09/29/2023 11:40 (6 days later) |
| Status | Accepted |
| VulDB entry | 240903 [Caphyon Advanced Installer 19.7 WinSxS DLL uncontrolled search path] |
| Points | 20 |