Total VPN for Windows 0.5.29.0: Unquoted Service Path Vulnerability
Vulnerability
A vulnerability exists in Total VPN for Windows, version 0.5.29.0, due to an unquoted search path in the win-service.exe file. A local attacker can exploit the service by placing a malicious executable in a parent directory of the service path, where the system may inadvertently execute it with elevated privileges. The vulnerability arises because the service path contains spaces but is not enclosed in quotation marks, which creates an opportunity for privilege escalation and potential compromise of data or system functionality.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of malicious programs with the same rights as the Total VPN application, potentially allowing attackers to escalate privileges, manipulate data, or disrupt normal system operations.
Reproduction
To reproduce this vulnerability, first note that the registered service path for Total VPN includes spaces and lacks quotation marks. Next, create a malicious executable named 'Program.exe' and place it in the root of the C: drive. Finally, restart the Total VPN service and observe that the malicious executable is executed.
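For auditing, the added example below (not part of the original advisory or of Total VPN) models the documented Windows behaviour of trying each space-delimited prefix of an unquoted command line as an executable, and lists the locations that would be tried before the intended binary. It goes slightly beyond the case above by also handling trailing arguments and tokens that already carry an extension; the service names and paths are constructed samples, not the product's real install path.

```python
import ntpath
import re

# Constructed sample data: service name -> ImagePath value, as read from
# HKLM\SYSTEM\CurrentControlSet\Services\<name>. Not real install paths.
SAMPLE_SERVICES = {
    "ExampleVpnSvc": r"C:\Program Files\Example VPN\win-service.exe",
    "ExampleVpnArgs": r"C:\Program Files\Example VPN\win-service.exe --service",
    "QuotedSvc": r'"C:\Program Files\Example VPN\win-service.exe" --service',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

def split_image_path(image_path):
    """Split an unquoted ImagePath into (intended executable, arguments)."""
    path = image_path.strip()
    m = re.search(r"\.exe(?=\s|$)", path, re.IGNORECASE)
    end = m.end() if m else len(path)
    return path[:end], path[end:].strip()

def hijack_candidates(image_path):
    """Paths Windows tries before the intended executable, in order."""
    if image_path.strip().startswith('"'):
        return []  # quoted: the executable is unambiguous
    exe, _args = split_image_path(image_path)
    found = []
    for i, ch in enumerate(exe):
        if ch != " ":
            continue
        prefix = exe[:i].rstrip()
        if not prefix or prefix.endswith("\\"):
            continue
        # ".exe" is appended only when the token has no extension of its own
        cand = prefix if ntpath.splitext(prefix)[1] else prefix + ".exe"
        if cand not in found:
            found.append(cand)
    return found

def quoted_fix(image_path):
    """Return the ImagePath with the executable quoted (the remediation)."""
    if image_path.strip().startswith('"'):
        return image_path.strip()
    exe, args = split_image_path(image_path)
    return f'"{exe}"' + (f" {args}" if args else "")

def audit(services):
    """Map each service with an unquoted, space-containing path to its candidates."""
    return {n: c for n, p in services.items() if (c := hijack_candidates(p))}

if __name__ == "__main__":
    for name, cands in audit(SAMPLE_SERVICES).items():
        print(name, cands, "->", quoted_fix(SAMPLE_SERVICES[name]))
```

Each candidate path it reports is a location whose write permissions should be checked, and the quoted form is the value the service's ImagePath should hold.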
