Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link libraries using relative paths instead of the absolute path. When not using a fully qualified path, the application will first try to load the library from the directory from which the application is started. As the residing directory of PureVPNService.exe is writable to all users, this makes the application susceptible to privilege escalation through DLL hijacking.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PureVPN for Windows 权限许可和访问控制漏洞
Vulnerability Description
PureVPN for Windows是一套基于Windows平台的VPN软件。 基于Windows平台的PureVPN 5.19.4.0及之前版本中存在提权漏洞。攻击者可通过劫持DLL利用该漏洞获取NT Authority\SYSTEM权限。
CVSS Information
N/A
Vulnerability Type
N/A