CVE-2017-7643

HIGH

Proxifier for Mac <2.19 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-7643. PoCs published by Mark Wadham.

AI-analyzed exploit summary This exploit leverages an unsanitized system() call in the suid-root KLoader binary of Proxifier for Mac to execute arbitrary commands, allowing local privilege escalation to root. It compiles a setuid binary and uses command injection to elevate privileges.

Description

Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program.

Exploits (1)

exploitdb WORKING POC
by Mark Wadham · textlocalmacos
https://www.exploit-db.com/exploits/41854

This exploit leverages an unsanitized system() call in the suid-root KLoader binary of Proxifier for Mac to execute arbitrary commands, allowing local privilege escalation to root. It compiles a setuid binary and uses command injection to elevate privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Proxifier for Mac v2.18 (and possibly earlier versions)
No auth needed
Prerequisites: Proxifier for Mac v2.18 (or vulnerable version) installed · Local access to the system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Mailing List, Technical Description, Third Party Advisory, VDB Entry mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Apr/54
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41854/

Scores

CVSS v3 7.8
EPSS 0.0097
EPSS Percentile 57.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
proxifier/proxifier < 2.19
Published Apr 14, 2017
Tracked Since Feb 18, 2026