The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/110652 | Third Party Advisory US Government Resource |
http://www.kb.cert.org/vuls/id/110652 | Third Party Advisory US Government Resource |
Configurations
History
21 Nov 2024, 02:24
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.kb.cert.org/vuls/id/110652 - Third Party Advisory, US Government Resource |
Information
Published : 2015-01-22 14:02
Updated : 2024-11-21 02:24
NVD link : CVE-2015-0925
Mitre link : CVE-2015-0925
CVE.ORG link : CVE-2015-0925
JSON object : View
Products Affected
ipass
- ipass_open_mobile
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')