Perfect Privacy VPN Manager v1.10.11 – DoS Vulnerability
CVE-2017-16637
Affected Product(s):
Vectura Datamanagement Limited Company
Product: Perfect Privacy VPN Manager – Software (Client) v1.10.11
When resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to the “FrmAdvancedProtection”. Although the mechanism is malfunctioned and an error occurs during the runtime with the stack trace being issued, the software process is not properly terminated.
The software client is still attempting to maintain the connection even though the network connection information is being reset live. In that insecure mode the “FrmAdvancedProtection” component crashs but the process continues to run with different errors and process corruptions.
The security risk of the critical issue in the perfect privacy vpn manager software client is estimated as medium (CVSS 3.8)
Resolution:
The issue has been resolved by the vpn manager development team due to the 2017-10-18.
The patched version is available by download via perfect privacy vpn software client in v1.10.12.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.