VPN-1 SecureClient is reported prone to a vulnerability that may allow local attackers to disclose sensitive memory. This can lead to various other attacks against a vulnerable computer. The vulnerability exists in the 'SR_Service.exe', which manages VPN connections.
A successful attack may allow the attacker to disclose memory and cause the application to crash. Reportedly, this issue can be leveraged to ultimately execute arbitrary code, however, this has not been confirmed.
VPN-1 SecureClient NG FP1 is reported prone to this vulnerability. It is possible that other versions are affected as well.