High severity7.8NVD Advisory· Published May 2, 2018· Updated Jun 17, 2026
CVE-2018-10647
CVE-2018-10647
Description
SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "SaferVPN.Service" service. The "SaferVPN.Service" service executes "openvpn.exe" using OpenVPN config files located within the current user's %LOCALAPPDATA%\SaferVPN\OvpnConfig directory. An authenticated attacker may modify these configuration files to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- github.com/VerSprite/research/blob/master/advisories/VS-2018-024.mdnvdThird Party Advisory
News mentions
0No linked articles in our index yet.