1 results (0.001 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTEM privileges. Se descubrió un problema en AnchorFree VPN SDK versiones anteriores a la versión 1.3.3.218. El servicio VPN SDK toma determinadas ubicaciones ejecutables a través de un socket vinculado a localhost. • https://www.pango.co/sec31944 • CWE-434: Unrestricted Upload of File with Dangerous Type •