Title: ProtonVPN 1.10.1 DLL Hijacking & Privilege Escalation
Date: 2019-09-10
Author: Nir Yehoshua
Vendor: https://protonvpn.com/
Version: ProtonVPN Windows Installer 1.10.1
Tested on: Windows 10 x64 [eng]

Description:
A local DLL hijacking vulnerability has been discovered in ProtonVPN Installer 1.10.1. The issue allows local attackers to load their DLL into ProtonVPN.exe and execute the DLL. In my demo, I executed my malicious DLL to get a Meterpreter reverse TCP shell with SYSTEM privileges on the victim OS.

Vulnerable Library: wlanapi.dll (x64)
Location: C:\Program Files (x86)\Proton Technologies\ProtonVPN\
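
Detection sketch for the condition described above, added here as an example and not part of the original advisory or any vendor code: it flags image-load records in which wlanapi.dll is loaded from anywhere other than the Windows system directories. The record format and the sample events are constructed, with field names modeled on Sysmon image-load (Event ID 7) fields, and a default C:\Windows system root is assumed.

```python
import ntpath

# DLL named in the advisory; the legitimate copy lives in the Windows system directories.
WATCHED_DLLS = {"wlanapi.dll"}
# Assumption: default system root of C:\Windows.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed sample records (not real telemetry); example.dll is a made-up name.
APP = r"C:\Program Files (x86)\Proton Technologies\ProtonVPN"
SAMPLE_EVENTS = [
    rf"Image={APP}\ProtonVPN.exe; ImageLoaded=C:\Windows\System32\wlanapi.dll; Signed=true",
    rf"Image={APP}\ProtonVPN.exe; ImageLoaded={APP}\wlanapi.dll; Signed=false",
    r"Image=C:\Windows\System32\svchost.exe; ImageLoaded=C:\WINDOWS\SYSTEM32\WLANAPI.DLL; Signed=true",
    rf"Image={APP}\ProtonVPN.exe; ImageLoaded={APP}\example.dll; Signed=true",
]

def parse_event(line):
    """Parse one constructed 'key=value; key=value' record into a dict."""
    fields = {}
    for part in line.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def is_suspicious_load(event):
    """True when a watched DLL is loaded from outside the trusted system directories."""
    loaded = event.get("ImageLoaded", "")
    # ntpath parses Windows paths on any host OS; normcase lowercases and unifies slashes.
    norm = ntpath.normcase(ntpath.normpath(loaded))
    directory, name = ntpath.split(norm)
    return name in WATCHED_DLLS and directory not in TRUSTED_DIRS

def find_hijack_candidates(lines):
    """Return (loading process, loaded DLL path, signed flag) for each flagged record."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if is_suspicious_load(event):
            hits.append((event.get("Image", "?"), event["ImageLoaded"],
                         event.get("Signed", "unknown")))
    return hits

if __name__ == "__main__":
    for image, dll, signed in find_hijack_candidates(SAMPLE_EVENTS):
        print(f"ALERT: {image} loaded {dll} (Signed={signed})")
```

Only the second sample record is flagged; the differently cased system path and the unrelated DLL in the application directory are not.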