CVE-2014-5455

MEDIUM

ptservice <3.0 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-5455. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit describes an unquoted service path vulnerability in OpenVPN Private Tunnel Core Service (ptservice) on Windows, allowing local privilege escalation if a malicious executable is placed in the system root path. The writeup includes service configuration details and file permissions but lacks executable PoC code.

Description

Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.

Exploits (1)

exploitdb WRITEUP
by LiquidWorm · textlocalwindows_x86
https://www.exploit-db.com/exploits/34037

The exploit describes an unquoted service path vulnerability in OpenVPN Private Tunnel Core Service (ptservice) on Windows, allowing local privilege escalation if a malicious executable is placed in the system root path. The writeup includes service configuration details and file permissions but lacks executable PoC code.

Classification
Writeup 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Theoretical
Target: OpenVPN Private Tunnel 2.3.8 (ptservice 2.1.28.0)
Auth required
Prerequisites: Local user access · Ability to write to system root path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7

Scores

CVSS v3 5.3
EPSS 0.0095
EPSS Percentile 56.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-428
Status published
Products (2)
openvpn/openvpn 2.1.28.0
privatetunnel/privatetunnel 2.3.8
Published Aug 25, 2014
Tracked Since Feb 18, 2026