Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Windscribe VPN组件输入验证错误漏洞
Vulnerability Description
Windscribe是一套用于匿名连接互联网的VPN软件。VPN component是其中的一个组件。 Windscribe 1.81版本中的VPN组件存在输入验证漏洞,该漏洞源于在为lpCommandLine的调用构建‘lpCommandLine’参数之前,程序没有验证程序的名称。本地攻击者可利用该漏洞以SYSTEM权限运行恶意进程。
CVSS Information
N/A
Vulnerability Type
N/A