Security Updates
Last Updated: January 18, 2022
Hotspot Shield for Windows
Versions affected: Hotspot Shield for Windows version 10.3.0 and earlier
Impact: A vulnerability was reported in Hotspot Shield for Windows 10.0.1. The Hotspot Shield service runs as SYSTEM and writes log files into a folder with local user permissions. By removing the folder and abusing NTFS junctions, an unprivileged user can write to any file on the file system with SYSTEM privileges.
This vulnerability has been assigned CVE-2020-17365
Entry added: September 18, 2020
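The check below is an added example, not code from Hotspot Shield or from the vulnerability report: it shows how an audit script or a privileged log writer can detect that a folder on the way to its log file has been replaced by a link or NTFS junction. The names audit_log_path and trusted_root are hypothetical, and trusted_root is assumed to be a directory that only administrators can modify.

```python
import os
import stat
import tempfile


def is_link_or_reparse_point(path):
    """True if path itself is a symlink or a Windows reparse point (junctions included)."""
    st = os.lstat(path)  # lstat inspects the entry itself, never its target
    if stat.S_ISLNK(st.st_mode):
        return True
    attrs = getattr(st, "st_file_attributes", 0)  # attribute exists only on Windows
    return bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)


def audit_log_path(log_file, trusted_root):
    """List every component below trusted_root, on the way to log_file, that redirects elsewhere."""
    root = os.path.abspath(trusted_root)
    target = os.path.abspath(log_file)
    if os.path.commonpath([root, target]) != root:
        raise ValueError("log file is not under the trusted root")
    findings, current = [], root
    for part in os.path.relpath(target, root).split(os.sep):
        current = os.path.join(current, part)
        if not os.path.lexists(current):
            break  # the rest of the path does not exist yet
        if is_link_or_reparse_point(current):
            findings.append(current)
    return findings


def demo():
    """Constructed sample tree; a symlink stands in for a junction so this also runs off Windows."""
    with tempfile.TemporaryDirectory() as root:
        logs = os.path.join(root, "app", "logs")
        log_file = os.path.join(logs, "service.log")
        os.makedirs(logs)
        open(log_file, "w").close()
        clean = audit_log_path(log_file, root)
        # Swap the log folder for a link that points somewhere else.
        os.remove(log_file)
        os.rmdir(logs)
        elsewhere = os.path.join(root, "elsewhere")
        os.mkdir(elsewhere)
        os.symlink(elsewhere, logs, target_is_directory=True)
        redirected = audit_log_path(log_file, root)
        return clean, [os.path.relpath(p, root) for p in redirected]


if __name__ == "__main__":
    print(demo())
```

A non-empty result means the write would land outside the intended folder, so a SYSTEM service should refuse to open the file. A check like this is only an audit aid; the durable fix is a log folder that unprivileged users cannot delete or replace.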
Hotspot Shield for Windows
Versions affected: Hotspot Shield for Windows 7.10 and earlier
Impact: An internal audit discovered that all versions of Hotspot Shield for Windows < 7.10 contain a vulnerability that leads to information disclosure when a user visits a specific vulnerable domain. The issue was fixed by removing special treatment of these domains.
This vulnerability has been assigned CVE-2018-17241
Entry added: September 20, 2018
Betternet for Windows
Versions affected: Betternet for Windows <= 4.1.0.0
Impact: A vulnerability was reported in the Betternet for Windows installer that led to arbitrary code execution, provided a DLL planting attack had already succeeded.
This vulnerability has been assigned CVE-2018-12269
Entry added: June 13, 2018
Hotspot Shield Chrome Extension
Versions affected: Hotspot Shield Chrome extension <= 3.2.14
Impact: A vulnerability was reported in the way the Chrome extension resolved domains that led to leaking the user’s IP address under specific conditions.
This vulnerability has been assigned CVE-2018-7878
Entry added: March 12, 2018
Hotspot Shield Chrome Extension
Versions affected: Hotspot Shield Chrome extension <= 3.2.14
Impact: A vulnerability was reported in the whitelist present in the PAC script.
If a user visited a website that hosted a URL with a specific query parameter, the extension would then start proxying traffic to that URL, leading to a traffic hijack.
This vulnerability has been assigned CVE-2018-7879
Entry added: March 12, 2018
Hotspot Shield Chrome Extension
Versions affected: Hotspot Shield Chrome extension <= 3.2.14
Impact: A vulnerability was reported in the whitelist present in the PAC script.
If a user visited a specially crafted page, the request would bypass the VPN and the user’s real IP address would be visible.
This vulnerability has been assigned CVE-2018-7880
Entry added: March 12, 2018
AnchorFree OpenVPN SDK
Versions affected: AnchorFree OpenVPN SDK v1.3.3.218
Impact: An issue was discovered in AnchorFree OpenVPN SDK before v1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. A malicious entity that binds to the socket and provides a path where a malicious executable file resides can cause that file to be executed with SYSTEM privileges.
This vulnerability has been assigned CVE-2020-12828
Entry added: March 13, 2020