Feb 25, 2015

How I could (i)pass your client security

This was originally posted on blogger here.

Half a year ago I stumbled over a piece of software called iPass Open Mobile during a Windows Client security review. iPass Open Mobile helps you get network connectivity over Wi-Fi hotspots, modem, DSL, etc. It’s widely deployed on Windows Clients in large corporations.

Summary

From US CERT VU#110652: The iPass Open Mobile Windows Client versions 2.4.4 and earlier allows Remote Code Execution as SYSTEM. It utilizes named pipes for interprocess communication.