CVE-2012-4284

CRITICAL

Viscosity 1.4.1 - Privilege Escalation via ViscosityHelper Path Validation Issue

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-4284. PoCs published by Metasploit, zx2c4, Jason A. Donenfeld, juan vazquez, including Metasploit module exploits/osx/local/setuid_viscosity.

AI-analyzed exploit summary: This Metasploit module exploits a privilege escalation vulnerability in Viscosity 1.4.1 on Mac OS X. It leverages insufficient path validation in the setuid ViscosityHelper to execute arbitrary Python code as root, ultimately achieving local privilege escalation.

Description

A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · osx
https://www.exploit-db.com/exploits/24579

This Metasploit module exploits a privilege escalation vulnerability in Viscosity 1.4.1 on Mac OS X. It leverages insufficient path validation in the setuid ViscosityHelper to execute arbitrary Python code as root, ultimately achieving local privilege escalation.

Classification: Working PoC (100%)
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Viscosity 1.4.1 on Mac OS X
No auth needed
Prerequisites: Access to a vulnerable Mac OS X system with Viscosity 1.4.1 installed · Write permissions in a directory (default /tmp)
devstral-2 · analyzed Feb 16, 2026
exploitdb WORKING POC
by zx2c4 · bash · local · osx
https://www.exploit-db.com/exploits/20485

This exploit leverages a symlink attack against Viscosity's SUID helper to execute arbitrary code as root. It creates a malicious `site.py` file in a crafted directory, then tricks the helper into executing it via a symlink.

Classification: Working PoC (100%)
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Viscosity VPN Client (versions prior to fix for CVE-2012-4284)
No auth needed
Prerequisites: Viscosity installed on macOS · ViscosityHelper SUID binary present
devstral-2 · analyzed Feb 16, 2026
metasploit WORKING POC EXCELLENT
by Jason A. Donenfeld, juan vazquez · ruby · poc · osx
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/setuid_viscosity.rb

This Metasploit module exploits a vulnerability in Viscosity 1.4.1 on Mac OS X, where insufficient validation of path names in the setuid ViscosityHelper allows arbitrary Python code execution as root. It drops a malicious Python script and a payload executable, then leverages a symlink to trigger the exploit.

Classification: Working PoC (100%)
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Viscosity 1.4.1 on Mac OS X
No auth needed
Prerequisites: Write access to a directory (e.g., /tmp) · Presence of vulnerable ViscosityHelper binary
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/55002
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://www.exploit-db.com/exploits/24579
Release Notes, Vendor Advisory x_refsource_confirm
https://www.sparklabs.com/viscosity/releasenotes/mac/

Scores

CVSS v3 9.8
EPSS 0.5143
EPSS Percentile 98.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
sparklabs/viscosity 1.4.1
Published Jan 10, 2020
Tracked Since Feb 18, 2026