Vulnerable Software: Turbo VPN
Affected Version: 1.1.0.0
Vendor Homepage: https://www.turbovpn.co/#/views/index
CVE: –
CVE Author: Tejas Nitin Pingulkar
Exploit Available: POC Available
About Affected Software:
Turbo VPN For PC is a free VPN client which offers free VPN proxy giving you the chance to unblock sites and applications and gain access to restricted resources.
Exploit:
Turbo VPN 1.1.0.0 installers and applications are vulnerable to unquoted search path vulnerability as application search path are not quoted that is when application search for binaries TurboVPN folder stored in “C:\Program files(x86)\TurboVPN” it uses below search order as path is not quoted
C:\Program.exe
C:\Program (x86)\TurboVPN
Now attacker has to put program.exe in c:\ path, once user executes the application malicious code will get executed
[Under default windows configuration it is not possible to exploit vulnerability, however if c:\ is misconfigured it is possible to exploit]
POC