The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processes (like taskkill, etc.). There is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call. An attacker can run any malicious process with SYSTEM privileges through this named pipe.
Published 2018-05-25 19:29:00
Updated 2020-02-05 21:15:11
Source MITRE
View at NVD,   CVE.org
Vulnerability category: Input validation

Products affected by CVE-2018-11479

Exploit prediction scoring system (EPSS) score for CVE-2018-11479

0.18%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 55 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2018-11479

  • Windscribe WindscribeService Named Pipe Privilege Escalation
    Disclosure Date: 2018-05-24
    First seen: 2020-04-26
    exploit/windows/local/windscribe_windscribeservice_priv_esc
    The Windscribe VPN client application for Windows makes use of a Windows service `WindscribeService.exe` which exposes a named pipe `\.\pipe\WindscribeService` allowing execution of programs with elevated privileges. Windscribe versions prior to 1.

CVSS scores for CVE-2018-11479

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.2
HIGH AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
NIST
7.8
HIGH CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.8
5.9
NIST

CWE ids for CVE-2018-11479

  • The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-11479

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!