An issue was discovered in AnchorFree VPN SDK before 220.127.116.11. The VPN SDK service takes certain executable locations over a socket bound to localhost.
The information has been provided by Vendor
The original article can be found at:https://www.pango.co/sec31944/
Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTEM privileges.
AnchorFree VPN SDK before 18.104.22.168