
Blablabla

#33388 of 53,635
7.8 CVSS total
Vulnerabilities · 1
PT-2018-10598
7.8
2018-05-25
Openvpn · Openvpn · CVE-2018-11479
**Name of the Vulnerable Software and Affected Versions**

Windscribe version 1.81

**Description**

The issue concerns the VPN component in Windscribe, which uses the OpenVPN client and creates a system process named WindScribeService.exe. This process establishes a named pipe endpoint, \\.\pipe\WindscribeService, allowing the Windscribe VPN process to connect and execute other processes. However, there is no validation of the program name before constructing the lpCommandLine argument for a CreateProcess call, enabling an attacker to run malicious processes with SYSTEM privileges through this named pipe.

**Recommendations**

For Windscribe version 1.81, as a temporary workaround, consider disabling the WindScribeService.exe system process until a patch is available. Restrict access to the \\.\pipe\WindscribeService named pipe endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.