CVE-2015-0925

The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname.
References
Link Resource
http://www.kb.cert.org/vuls/id/110652 Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/110652 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:ipass:ipass_open_mobile:*:*:*:*:*:windows:*:*

History

21 Nov 2024, 02:24

Type Values Removed Values Added
References () http://www.kb.cert.org/vuls/id/110652 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/110652 - Third Party Advisory, US Government Resource

Information

Published : 2015-01-22 14:02

Updated : 2024-11-21 02:24


NVD link : CVE-2015-0925

Mitre link : CVE-2015-0925

CVE.ORG link : CVE-2015-0925


JSON object : View

Products Affected

ipass

  • ipass_open_mobile
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')