Weak Permissions in Hola VPN 1.34 Allows Privilege Escalation via Trojan Horse Files

Weak Permissions in Hola VPN 1.34 Allows Privilege Escalation via Trojan Horse Files

CVE-2017-16757 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.

Learn more about our User Device Pen Test.