This issue has been addressed in IPUtility v4.18.0 and later versions. In addition to this issue, IPUtility.exe has a high likelihood of crashing on Windows XP due to missing Windows XP support.
Sensitive information disclosure through DLL hijacking is possible in IPUtility.exe when DLLs are loaded from the same folder as the compromised DLL. A remote attacker could potentially exploit this vulnerability to get access to system privileges. This vulnerability was reported to vendors on Jan 5th, 2018. IPUtility.exe versions prior to 4.17.0 are prone to crashing on Windows XP due to missing OS support. A fix was released on Oct 30th, 2017. IPUtility.exe has a high likelihood of crashing on Windows XP due to missing Windows XP support.
Vulnerable Applications br pshutdown.exe, ialmnt.exe, iapplog.exe
Vulnerability Summary
An information disclosure vulnerability has been identified in IPUtility.exe that can be exploited by remote, unauthenticated attackers to get access to system privileges.
I
PUtility.exe has a high likelihood of crashing on Windows XP due to missing OS support
Due to the fact that IPUtility.exe is not compatible with Windows XP, it is more likely that it will crash, leading to a system-wide denial of service (DoS). If this occurs, the system will be rebooted and the application will need to be restarted manually. The root cause of the crashes is missing Windows XP support which was fixed in IPUtility v4.17.0 and later versions.
Affected versions:
IPUtility 4.17.0 - 4.18.0
IPUtility.exe version 4.17.0 is not vulnerable to these issues
IPUtility.exe has a high likelihood of crashing on Windows XP due to missing Windows XP support. In addition to this issue, IPUtility.exe has the following vulnerabilities:
1) CVE-2022-23410 - Sensitive information disclosure through DLL hijacking is possible in IPUtility.exe when DLLs are loaded from the same folder as the compromised DLL. A remote attacker could potentially exploit this vulnerability to get access to system privileges. This vulnerability was reported to vendors on Jan 5th, 2018;
2) CVE-2017-11882 - A denial of service vulnerability was discovered in IPUtility.exe versions prior to 4.17.0 and allows a process with malicious intent to be difficult or impossible for legitimate processes to allocate memory resources required for proper operation of those legitimate processes.
Timeline
Published on: 02/14/2022 22:15:00 UTC
Last modified on: 05/11/2022 14:23:00 UTC