A vulnerability in Private Internet Access VPN Client for Windows could allow an unauthenticated, local attacker to run executable files with elevated privileges. The vulnerability is due to insufficient implementation of the access controls. The Help options available from the system tray context menu for the PIA VPN client spawn an elevated instance of the user’s default web browser. An attacker could exploit this vulnerability by selecting Run as Administrator from the context menu of an executable file within the file browser of the spawned default web browser. This may allow the attacker to execute privileged commands on the targeted system.
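
A detection check for the behaviour described above, as an added example that is not part of the original advisory or the vendor's code: it scans process-creation records (field names follow Sysmon Event ID 1) for a browser started at High or System integrity with the VPN client as its parent. The client image name is a placeholder, because the advisory does not name the process, and the sample records are constructed.

```python
import ntpath

# Browser executables to watch; extend for the browsers deployed locally.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}
# Placeholder (assumption): the advisory does not name the client's image.
VPN_CLIENT_IMAGES = {"vpn-client-placeholder.exe"}
ELEVATED = {"high", "system"}


def _base(path):
    """Lower-cased file name of a Windows path, tolerant of missing values."""
    return ntpath.basename(path or "").lower()


def elevated_browser_from_client(event, client_images=VPN_CLIENT_IMAGES):
    """True when a browser was started elevated directly by the VPN client."""
    return (
        _base(event.get("Image")) in BROWSERS
        and (event.get("IntegrityLevel") or "").lower() in ELEVATED
        and _base(event.get("ParentImage")) in client_images
    )


def find_hits(events, client_images=VPN_CLIENT_IMAGES):
    """Return every record that matches the elevated-browser pattern."""
    return [e for e in events if elevated_browser_from_client(e, client_images)]


CLIENT = r"C:\Program Files\Example\vpn-client-placeholder.exe"
# Constructed sample records, not captured from a real host.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ParentImage": CLIENT, "IntegrityLevel": "High"},      # matches
    {"Image": r"C:\PROGRAM FILES\Edge\MSEDGE.EXE",
     "ParentImage": CLIENT.upper(), "IntegrityLevel": "System"},  # matches
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ParentImage": CLIENT, "IntegrityLevel": "Medium"},    # not elevated
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "IntegrityLevel": "High"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": CLIENT, "IntegrityLevel": "High"},      # not a browser
    {"Image": None, "ParentImage": CLIENT},                 # incomplete record
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_EVENTS):
        print("ALERT elevated browser:", hit["Image"], "<-", hit["ParentImage"])
```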