An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTEM privileges.
References
Link | Resource |
---|---|
https://www.pango.co/sec31944/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-05-21T16:25:46
Updated: 2020-05-21T16:25:46
Reserved: 2020-05-13T00:00:00
Link: CVE-2020-12828
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-05-21T17:15:10.227
Modified: 2020-06-02T16:55:53.687
Link: CVE-2020-12828
JSON object: View
Redhat Information
No data.
CWE