CVE-2017-7690

HIGH

Proxifier for Mac <2.19.2 - Privilege Escalation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-7690. PoCs published by Mark Wadham.

AI-analyzed exploit summary: This exploit replaces the KLoader binary in Proxifier for Mac v2.19 with a malicious version that, when executed as root, sets a SUID root shell at /tmp/a and restores the original KLoader to avoid suspicion. It leverages insufficient binary verification by Proxifier.app.

Description

Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program.

Exploits (1)

exploitdb WORKING POC
by Mark Wadham · bash · local · macos
https://www.exploit-db.com/exploits/43225

Classification
Working PoC 100%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Proxifier for Mac v2.19
Auth required
Prerequisites: Proxifier v2.19 installed · Local user access · Admin credentials for initial execution
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43225/

Scores

CVSS v3 7.8
EPSS 0.0099
EPSS Percentile 57.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
proxifier/proxifier < 2.19.2
Published Apr 14, 2017
Tracked Since Feb 18, 2026