### [CVE-2015-0925](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0925)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname.

### POC

#### Reference
- http://www.kb.cert.org/vuls/id/110652

#### Github
- https://github.com/ARPSyndicate/cvemon