Advertisement






ProtonVPN 1.10.1 DLL Hijacking & Privilege Escalation

CVE Category Price Severity
CWE-276 Not specified High
Author Risk Exploitation Type Date
exploitalert High Local 2019-09-10
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019090078

Below is a copy:

ProtonVPN 1.10.1 DLL Hijacking & Privilege Escalation
Title: ProtonVPN 1.10.1 DLL Hijacking & Privilege Escalation 
Date: 2019-09-10
Author: Nir Yehoshua
Vendor: https://protonvpn.com/
Version: ProtonVPN Windows Installer 1.10.1
Tested on: Windows Windows 10 x64 [eng]


Description:

A local DLL hijacking vulnerability has been discovered in ProtonVPN Installer 1.10.1.
The issue allows local attackers to load their DLL into ProtonVPN.exe and execute the DLL.
In my demo, I executed my malicious DLL to get meterpreter reverse TCP shell with SYSTEM privileges on the victim OS.

Vulnerable Library:
wlanapi.dll (x64)

Location:
C:\Program Files (x86)\Proton Technologies\ProtonVPN\

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum