CVE-2022-50924

Name of the Vulnerable Software and Affected Versions Private Internet Access version 3.3

Description An unquoted service path allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that executes with LocalSystem permissions during service startup.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.