| 标题 | Total VPN Total VPN for Windows 0.5.29.0 Unquoted Service Path |
|---|
| 描述 | Security vulnerability: Unquoted Service Path
Affected Component: Total VPN
Product: Total VPN for Windows
Version: x.x.x.x
Vendor: Total VPN (https://www.totalvpn.com/)
Vulnerability Description
Unquoted Search Path or Element vulnerability in Total VPN. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service.
Impact
By exploiting this vulnerability, an attacker could send a malicious .exe file to the parent directory (for example, C:\Program.exe), so Windows will interpret this path instead of the intended one, as C:\Program Files\Total VPN\win-service.exe. This could allow an attacker to use the privileges of the legitimate software to perform privilege escalations, compromise data, or alter system functionality, jeopardizing the security and integrity of the environment.
To reproduce:
1) Note that the registered service address for the software contains spaces and no quotation marks.
2) Create a malicious executable file named "Program.exe" and place it on the C:\ drive.
3) Restart the service and observe that the malicious executable file will run.
|
|---|
| 来源 | ⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/totalvpn/x.x.x.x/totalvpn_unquoted_service_path.md |
|---|
| 用户 | Anonymous User |
|---|
| 提交 | 2026-01-30 14時10分 (3 月前) |
|---|
| 管理 | 2026-02-15 16時36分 (16 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 346127 [Total VPN 0.5.29.0 于 Windows win-service.exe 权限提升] |
|---|
| 积分 | 20 |
|---|