VeePN Unquoted Search Path Vulnerability in AVService Component Allowing Local Privilege Escalation
Vulnerability
A vulnerability exists in VeePN versions through 1.6.2, specifically in the AVService component. The path to the service's executable, 'C:\Program Files (x86)\VeePN\avservice\avservice.exe', is registered without surrounding quotation marks. Because the path contains spaces, Windows can resolve it ambiguously, which makes this an unquoted search path vulnerability: a local attacker with file-write access can place a malicious binary in a writable directory. When the service is restarted, the malicious binary can be executed with elevated privileges, typically those of the SYSTEM account, leading to local privilege escalation and potential full system compromise.
Impact
Exploitation of this vulnerability allows for local privilege escalation to the service account, which commonly has SYSTEM privileges, potentially leading to a complete compromise of the system.
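To check a host for the condition described above, the following PowerShell audit flags services whose executable path contains a space and is not quoted. It is an added example, not code from VeePN or from this advisory; the function name Test-UnquotedServicePath and the sample strings are assumptions made for illustration.

```powershell
# Added example: audit for unquoted service paths (not vendor code).
# Test-UnquotedServicePath is a hypothetical helper name.
function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$PathName)

    $p = $PathName.Trim()
    # A path that begins with a quote is parsed unambiguously.
    if ($p.StartsWith('"')) { return $false }

    # Split off the executable: everything up to the first ".exe" that is
    # followed by whitespace or end of string. The remainder is arguments.
    $m = [regex]::Match($p, '(?i)^(.+?\.exe)(\s|$)')
    if (-not $m.Success) { return $false }

    # Only a space inside the executable path itself creates the ambiguity.
    return $m.Groups[1].Value.Contains(' ')
}

# Constructed sample values. The first is the path named in the advisory,
# the second is the same path correctly quoted, the third has no space
# in the executable path (the space only separates arguments).
$samples = @(
    'C:\Program Files (x86)\VeePN\avservice\avservice.exe',
    '"C:\Program Files (x86)\VeePN\avservice\avservice.exe"',
    'C:\Windows\System32\svchost.exe -k netsvcs'
)
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-UnquotedServicePath $s), $s
}

# Live audit of the local machine (runs only on Windows).
if ($env:OS -eq 'Windows_NT') {
    Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
        Select-Object Name, StartName, StartMode, PathName
}
```

For a flagged service, wrapping the ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<ServiceName> in double quotes removes the ambiguity. Also confirm that standard users cannot write to the directories along the service path.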
