CVE-2012-4677

EUVD-2012-4602
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
googletunnelblick
𝑥
≤ 3.3beta20
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://code.google.com/p/tunnelblick/issues/detail?id=212
http://code.google.com/p/tunnelblick/issues/detail?id=212