CVE-2015-0925
iPass Open Mobile < 2.4.4 - Code Injection
Title source: ruleDescription
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname.
Exploits (3)
exploitdb | WORKING POC | VERIFIED | by Metasploit | ruby, remote, windows
https://www.exploit-db.com/exploits/36412
metasploit | WORKING POC | EXCELLENT | by Matthias Kaiser | ruby, poc, win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ipass_pipe_exec.rb
metasploit | WORKING POC | EXCELLENT | by h0ng10 | ruby, poc, win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/ipass_launch_app.rb
Scores
EPSS: 0.6829
EPSS Percentile: 98.6%
Details
CWE: CWE-94
Status: published
Products (1)
ipass/ipass_open_mobile: < 2.4.4
Published: Jan 22, 2015
Tracked Since: Feb 18, 2026