CVE-2014-5455 Information

Description

Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the SYSTEMDRIVE folder.

Reference

http://osvdb.org/show/osvdb/109007 http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.html http://www.exploit-db.com/exploits/34037 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php https://github.com/CVEProject/cvelist/pull/3909 https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914d https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05325943