The exploit describes a privilege escalation vulnerability in Viscosity for Windows 1.6.7, where the ViscosityService incorrectly validates paths, allowing execution of OpenVPN with a custom DLL as SYSTEM. The PoC is referenced externally, and the solution involves updating to version 1.6.8.
Classification
Writeup 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target:Viscosity for Windows 1.6.7
Auth required
Prerequisites:Local access to the target system · Viscosity for Windows 1.6.7 installed