The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient().
Name | Vendor | Start Version | End Version |
---|---|---|---|
Itop_vpn | Iobit | 3.2 (including) | 3.2 (including) |