Turbo VPN: Unquoted Search Path Vulnerability


Vulnerable Software: Turbo VPN

Affected Version: 1.1.0.0

Vendor Homepage: https://www.turbovpn.co/#/views/index

CVE: –

CVE Author: Tejas Nitin Pingulkar

Exploit Available: POC Available

About Affected Software:

Turbo VPN for PC is a free VPN client that offers a free VPN proxy, giving you the chance to unblock sites and applications and gain access to restricted resources.

Exploit:

Turbo VPN 1.1.0.0 installers and applications are vulnerable to an unquoted search path vulnerability because the application's search paths are not quoted. When the application searches for binaries in the TurboVPN folder stored in “C:\Program Files (x86)\TurboVPN”, it uses the search order below, because the path is not quoted:

C:\Program.exe
C:\Program (x86)\TurboVPN

An attacker now has to place program.exe in the C:\ path; once a user executes the application, the malicious code will be executed.

[Under the default Windows configuration it is not possible to exploit this vulnerability; however, if C:\ is misconfigured, exploitation is possible.]
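To check launch commands for the search order described above, the following added example (not part of the original advisory or the vendor's code) lists the extra locations Windows would try for an unquoted command line, following the documented CreateProcess rule of splitting at each space. It goes beyond the single case in the text by handling any path; the file name `app.exe` and the sample command lines are constructed assumptions.

```python
import re

def candidate_paths(command_line):
    """Return the paths Windows would try before the intended executable
    when the command line is unquoted; an empty list means no ambiguity."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        return []                      # quoted executable path: parsed as-is
    # Assumption: the intended target is the first ".exe" in the string.
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    if not m:
        return []
    exe = cmd[:m.end()]
    found = []
    for i, ch in enumerate(exe):
        # Every space inside the path is a point where parsing may stop early.
        if ch == " " and exe[i - 1] != " ":
            found.append(exe[:i] + ".exe")
    return found

def audit(entries):
    """Map each risky entry name to the extra locations it exposes."""
    report = {}
    for name, command_line in entries.items():
        extra = candidate_paths(command_line)
        if extra:
            report[name] = extra
    return report

# Constructed sample input; "app.exe" is a hypothetical file name.
SAMPLE = {
    "unquoted": r"C:\Program Files (x86)\TurboVPN\app.exe --start",
    "quoted": r'"C:\Program Files (x86)\TurboVPN\app.exe" --start',
    "no_spaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, extra in audit(SAMPLE).items():
        print(name, "->", extra)
```

Any entry the audit reports should have its executable path wrapped in double quotes, and the listed locations should be confirmed as not writable by unprivileged users.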

POC

Patch: Vulnerability was patched in version 1.1.1.0

Timeline:

Initial Email Sent: 30 May 2020

Response from TurboVPN Team: 31 May 2020

Vulnerability Reported: 31 May 2020

Vulnerability acknowledged: 1 June 2020 

Patch Released: 2 June 2020
