CVE-2014-5455
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
Published at
2014-08-25T16:55Z
3533 days ago
Modified
2020-06-01T15:15Z
1426 days ago
CWE-428
Problem type
References
URL | Type |
---|---|
109007 http://osvdb.org/show/osvdb/109007 | OSVDB |
packetstormsecurity.com http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.html | MISC |
34037 http://www.exploit-db.com/exploits/34037 | EXPLOIT-DB |
www.zeroscience.mk http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php | MISC |
HPSBGN3551 https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05325943 | HP |
github.com https://github.com/CVEProject/cvelist/pull/3909 | MISC |
github.com https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914d | MISC |
GET https://vulnerabilitydata.com/api/details/CVE-2014-5455
{ "id": "CVE-2014-5455", "published_date": "2014-08-25T16:55Z", "last_modified_date": "2020-06-01T15:15Z", "assigner": "cve@mitre.org", "description": "Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.", "references": [ { "url": "http://osvdb.org/show/osvdb/109007", "name": "109007", "refsource": "OSVDB", "tags": [ "Broken Link" ] }, { "url": "http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.html", "name": "http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.html", "refsource": "MISC", "tags": [ "Exploit" ] }, { "url": "http://www.exploit-db.com/exploits/34037", "name": "34037", "refsource": "EXPLOIT-DB", "tags": [ "Exploit" ] }, { "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php", "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php", "refsource": "MISC", "tags": [ "Exploit" ] }, { "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05325943", "name": "HPSBGN3551", "refsource": "HP", "tags": [ "Third Party Advisory" ] }, { "url": "https://github.com/CVEProject/cvelist/pull/3909", "name": "https://github.com/CVEProject/cvelist/pull/3909", "refsource": "MISC", "tags": [] }, { "url": "https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914d", "name": "https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914d", "refsource": "MISC", "tags": [] } ], "impact": { "baseMetricV2": { "cvssV2": { "version": "2.0", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 6.9 }, "severity": "MEDIUM", "exploitabilityScore": 3.4, "impactScore": 10, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } }, "problem_type": "CWE-428" }