CVE-2019-12576

HIGH Year: 2019
CVSS v3 Score
7.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-426
View all →

Vulnerability Description

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpn_launcher binary is setuid root. This program is called during the connection process and executes several operating system utilities to configure the system. The networksetup utility is called using relative paths. A local unprivileged user can execute arbitrary commands as root by creating a networksetup trojan which will be executed during the connection process. This is possible because the PATH environment variable is not reset prior to executing the OS utility.

Related Vulnerabilities

CVE-2013-2773

HIGH
CVSS:7.8(High)

Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution

CWE-4262013

CVE-2013-3494

HIGH
CVSS:7.8(High)

A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries. which could let a malicious user execute arbitrary code.

CWE-4262013

CVE-2013-3942

HIGH
CVSS:7.8(High)

Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability

CWE-4262013

CVE-2014-3860

HIGH
CVSS:7.8(High)

Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability

CWE-4262014

CVE-2014-8358

HIGH
CVSS:7.8(High)

Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the ...

CWE-4262014

CVE-2015-0974

HIGH
CVSS:7.8(High)

Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or mediaplay...

CWE-4262015