Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-428,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openvpn | openvpn | 2.1.28.0 |
| privatetunnel | privatetunnel | 2.3.8 |
Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| privatetunnel | privatetunnel | 2.8 |
| privatetunnel | privatetunnel | 2.7 |