Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0925

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2015-0925
Last Modified 23 Jan 2015 09:26:31
Published 22 Jan 2015 09:02:59
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2015-0925

Summary

The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname.

Vulnerable Systems

Application

  • Ipass Open Mobile 2.4.4


References

CERT-VN - VU#110652


Last Updated: 27 May 2016 11:07:36